IBM i PTF Guide, Volume 24, Number 24
June 15, 2022 Doug Bidwell
If it seems like just about every week there is a security vulnerability within the broad and deep expanse of the IBM i platform, well it isn’t just seeming like that. It is like that. And this week we start out with four news ones that you have to contend with in the IBM i PTF Guide.
First, we have Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950). Find out more about that at this link. Here are the patches that address this vulnerability:
Affected Releases Group PTF and Minimum Level for Remediation IBM i 7.5 SF99671 level 6 IBM i 7.4 SF99654 level 6 IBM i 7.3 SF99533 level 6
Second, peruse Security Bulletin: IBM Db2 Mirror for i is vulnerable to directory traversal due to Moment.js (CVE-2022-24785). Read all about it on this page. Patches are as follows:
Affected Releases Group PTF/Minimum Level PTF 7.5 SF99951 level 1 SI79449 7.4 SF99668 level 19 SI79448
Third, we present to you Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225. Get the scoop on this at this link right here. Get your PTFs for this one:
Affected Releases Group PTF/Minimum Level PTF 7.5 SF99951 level 1 SI77900 7.4 SF99668 level 17 SI77899
And fourth, you will find Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting due to Angular (220414), and you can find out more about this vulnerability here and these are you patches:
Affected Releases Group PTF/Minimum Level PTF 7.5 SF99951 level 1 SI79449 7.4 SF99668 level 19 SI79448
Now, here is another thing: There is an Official Support Statement for the IBM WebSphere Application Server Product on the IBM i OS, which is IBM Document Number 645523. If you are running WAS in any version, you are gonna want to read this!!!
Here is the rundown of PTF Groups by IBM i release level since we last published, with IBM i 7.5 added in since it has been shipping for several weeks now:
PTF Groups 7.5:
- Db2 Web Query for i V2.3.0
- QMGTOOLS
PTF Groups 7.4:
- Db2 Web Query for i V2.3.0
- Fix list for IBM WebSphere Application Server Liberty
- QMGTOOLS
PTF Groups 7.3:
- Db2 Web Query for i V2.3.0
- Fix list for IBM WebSphere Application Server Liberty
- QMGTOOLS
PTF Groups 7.2:
- QMGTOOLS
PTF Groups 7.1:
- Zilch
New (or Updated) links added to the ‘Links’ tab in the guide this week:
- Nadda
New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:
- Zip
New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:
- Nothing here.
Tips/Definitions: Drink lots of water, change your socks, take Advil for pain, carry on. . . .
The Guide at a glance: There are no new defectives this week (06/11/22). Here is the defective PTF rundown, which is the last defective for each release:
Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- ------- 7.5 06/03/22 SI78809 SE78003 SI80094 (When available) 7.4 06/03/22 SI79097 SE78003 SI80093 (When available) 7.3 06/03/22 SI79186 SE78003 SI80092 (When available) 7.2 12/08/21 SI77634 SE73420 SI78039 (Read the link in the guide!) 7.1 07/29/19 SI69653 SE71807 SI70603 (5733SC1, OpenSSH, available!)
Be sure to access the link in the Guide for further details.
Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:
June 11, 2022: Volume 24, Number 24
June 4, 2022: Volume 24, Number 23
May 28, 2022: Volume 24, Number 22
May 25, 2022: Volume 24, Number 21
May 14, 2022: Volume 24, Number 20
May 7, 2022: Volume 24, Number 19
April 30, 2022: Volume 24, Number 18
April 23, 2022: Volume 24, Number 17
April 16, 2022: Volume 24, Number 16
April 2, 2022: Volume 24, Number 14
March 26, 2022: Volume 24, Number 13
March 19, 2022: Volume 24, Number 12
March 12, 2022: Volume 24, Number 11
March 5, 2022: Volume 24, Number 10
February 26, 2022: Volume 24, Number 9
February 19, 2022: Volume 24, Number 8
February 12, 2022: Volume 24, Number 7
February 5, 2022: Volume 24, Number 6
January 29, 2022: Volume 24, Number 5
January 22, 2022: Volume 24, Number 4
January 15, 2022: Volume 24, Number 3
January 8, 2022: Volume 24, Number 2
January 1, 2022: Volume 24, Number 1
December 6, 2021: Volume 23, Number 48
November 20, 2021: Volume 23, Number 47
November 13, 2021: Volume 23, Number 46
November 6, 2021: Volume 23, Number 45
October 30, 2021: Volume 23, Number 44
October 23, 2021: Volume 23, Number 43
October 16, 2021: Volume 23, Number 42
October 9, 2021: Volume 23, Number 41
October 2, 2021: Volume 23, Number 40
September 25, 2021: Volume 23, Number 39
September 18, 2021: Volume 23, Number 38
September 11, 2021: Volume 23, Number 37
September 4, 2021: Volume 23, Number 36
August 28, 2021: Volume 23, Number 35
August 21, 2021: Volume 23, Number 34
August 14, 2021: Volume 23, Number 33
August 7, 2021: Volume 23, Number 32
July 31, 2021: Volume 23, Number 31
July 24, 2021: Volume 23, Number 30
July 17, 2021: Volume 23, Number 29
July 10, 2021: Volume 23, Number 28
July 3, 2021: Volume 23, Number 27
June 26, 2021: Volume 23, Number 26
June 19, 2021: Volume 23, Number 25
June 12, 2021: Volume 23, Number 24
June 5, 2021: Volume 23, Number 23
June 5, 2021: Volume 23, Number 22
May 22, 2021: Volume 23, Number 21
May 15, 2021: Volume 23, Number 20
May 8, 2021: Volume 23, Number 19
May 1, 2021: Volume 23, Number 18
April 24, 2021: Volume 23, Number 17
April 17, 2021: Volume 23, Number 16
April 10, 2021: Volume 23, Number 15
April 3, 2021: Volume 23, Number 14
March 27, 2021: Volume 23, Number 13
March 20, 2021: Volume 23, Number 12
March 13, 2021: Volume 23, Number 11
March 6, 2021: Volume 23, Number 10
February 27, 2021: Volume 23, Number 9
February 20, 2021: Volume 23, Number 8
February 13, 2021: Volume 23, Number 7
February 6, 2021: Volume 23, Number 6
January 31, 2021: Volume 23, Number 5
January 23, 2021: Volume 23, Number 4
January 16, 2021: Volume 23, Number 3
January 9, 2021: Volume 23, Number 2
January 2, 2021: Volume 23, Number 1
December 26, 2020: Volume 22, Number 52
December 19, 2020: Volume 22, Number 51
December 12, 2020: Volume 22, Number 50
December 5, 2020: Volume 22, Number 49
November 28, 2020: Volume 22, Number 48
November 20, 2020: Volume 22, Number 47
November 14, 2020: Volume 22, Number 46
November 7, 2020: Volume 22, Number 45
October 31, 2020: Volume 22, Number 44
October 24, 2020: Volume 22, Number 43
October 17, 2020: Volume 22, Number 42
October 10, 2020: Volume 22, Number 41
October 3, 2020: Volume 22, Number 40
September 26, 2020: Volume 22, Number 39
September 19, 2020: Volume 22, Number 38
September 12, 2020: Volume 22, Number 37
September 5, 2020: Volume 22, Number 36
August 29, 2020: Volume 22, Number 35
August 22, 2020: Volume 22, Number 34
August 15, 2020: Volume 22, Number 33
August 9, 2020: Volume 22, Number 32
August 1, 2020: Volume 22, Number 31
July 25, 2020: Volume 22, Number 30
July 18, 2020: Volume 22, Number 29
July 11, 2020: Volume 22, Number 28
July 4, 2020: Volume 22, Number 27
June 27, 2020: Volume 22, Number 26
June 20, 2020: Volume 22, Number 25
June 13, 2020: Volume 22, Number 24
June 6, 2020: Volume 22, Number 23
May 30, 2020: Volume 22, Number 22
May 23, 2020: Volume 22, Number 21
May 16, 2020: Volume 22, Number 20
