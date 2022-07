IBM i PTF Guide, Volume 24, Number 29

Doug Bidwell

Please note that we will be moving V7R1M0 from weekly update to archive. Anything new we are informed of that impacts IBM i 7.1, we will post here in the What’s NEW! Section at the top of the story. Also, if you have any IBM i 7.1 requests going forward, we will do our best to provide responses for. Thank you for your readership and support!

To begin with, there are Save and Restore Enhancements for IBM i 7.5, which you can find out more about here. RSTUSRPRF USRPRF(*ALL) no longer requires a dedicated system. The progress message displayed during an IFS restore now includes the size of objects that completed the restore operation.

And now, a slew of security vulnerabilities.

First, we have Security Bulletin: Zlib for IBM i is vulnerable to a denial of service attack due to memory corruption (CVE-2018-25032), which you can read about here. IBM i Release and PTF:

5733-SC1 PTF Number 7.5 SI80205 7.4, 7.3, 7.2 SI80203

Second, we have Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing and port status query (CVE-2022-22475 CVE-2022-22393), which you can see at this link. IBM i Release and PTF:

5770-SS1 PTF Number 7.5 SI79987 7.4 SI79988 7.3 SI79990 7.2 SI79991

Third, check out Security Bulletin: OpenSSL for IBM i is vulnerable to command injection due to a flaw in c_rehash script (CVE-2022-1292), which you can find out more about here. IBM i Release and PTF:

5733-SC1 PTF Number 7.5 SI80204 7.4, 7.3, 7.2 SI80203

Fourth, don’t forget about Security Bulletin: Digital Certificate Manager for IBM i is vulnerable to cross-site scripting (CVE-2022-34358), which you can find out more about at this link. IBM i Release and PTF:

5770-SS1 PTF Number 7.5 SI80415 7.4 SI80414 7.3 SI80413 7.2 SI80412

And, finally, fifth, see Security Bulletin: IBM i is vulnerable to denial of service and cache poisoning attacks due to flaws in ISC BIND (CVE-2022-0396, CVE-2021-25220), which you can take a look at from this link. IBM i Release and PTF:

5770-SS1 PTF Number 7.5 SI80440 SI80443 SI80458 7.4 SI80430 SI80431 SI80455 7.3 SI80437 SI80438 SI80456 7.2 SI80439 SI80457

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:

HIPERs (High Impact/Pervasive)

Security

QMGTools

PTF Groups 7.4:

HIPERs (High Impact/Pervasive)

Security

MQ for IBM i – v7.1.0/v8.0.0/V9.0.0/V9.1/V9.2

QMGTools

PTF Groups 7.3:

HIPERs (High Impact/Pervasive)

Security

MQ for IBM i – v7.1.0/v8.0.0/V9.0.0/V9.1/V9.2

QMGTools

PTF Groups 7.2:

HIPERs (High Impact/Pervasive)

Security

QMGTools

New (or Updated) links added to the ‘Links’ tab in the guide this week:

Nadda

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

QMGTOOLS: Internals Menu 645327

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

Content Manager OnDemand for i 6578747

How to Configure IBM Navigator for i For Single Sign On (SSO) 6593749

Importing And Configuring A Certificate From Digital Certificate Manager To A Specified Keystore With ADMIN/IAS/IWS Application Servers 6591067

How to configure EIM and NAS using IBM Navigator for i 6597977

How to change the ports ADMIN server uses 666687

Ports Required for the HTTP Administration Console (ADMIN) 634929

Tips/Definitions: It is hot around the Northern Hemisphere. Stay hydrated, don’t overdo it.

The Guide at a glance: There are no new defectives this week (07/16/22). Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- ------- 7.5 06/03/22 SI78809 SE78003 SI80094 (When available) 7.4 06/22/22 MF69859 MA49739 MF70026 (When available) MF69848 MF69823 MF69756 MF69743 MF69740 MF69736 MF69501 MF69477 MF69435 MF69411 MF69196 MF69193 MF68999 MF68985 7.3 06/22/22 MF69735 MA49739 MF70028 (When available) MF68984 7.2 12/08/21 SI77634 SE73420 SI78039 (Read the link in the guide!)

Be sure to access the link in the Guide for further details.

