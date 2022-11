IBM i PTF Guide, Volume 24, Number 44

Doug Bidwell

Remember all of those quiet weeks in PTF Land when nothing much was going on? There is a whole bunch of stuff this week.

First, starting October 26, IBM has enabled multi-factor authentication (MFA) for all its websites using IBMid. As a user on the Entitled Systems Support website, you are using IBMid to login, so you are impacted by the change. When you first login after the change is implemented, you will be asked to add an additional authentication method – either a code sent to your email or a supported mobile authenticator app available on Google Play Store or Apple App Store. Ensure you setup your multi-factor authentication as soon as possible, otherwise you might have issues logging in to any IBM website after October 26. You can find additional information and support for IBMid by going to this link.

Also, the current driver number for ODBC is the same as the current version of ACS Windows App Pkg English (64bit) 1.1.0.26 – 26 is the current ODBC driver version number. See the ACS_NAV tab in the guide for further details.

And now, let’s talk about security vulnerabilities.

First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to unauthorized attacker causing integrity impact (CVE-2021-2163), which you can read more about here. Fixes are, by release:

IBM i Release 5770-JV1 Group PTF Number and Level 7.5 SF99955 Level 3 7.4 SF99665 Level 16 7.3 SF99725 Level 27 7.2 SF99716 Level 37

Second, we have Security Bulletin: IBM i is vulnerable to a denial of service caused by a memory corruption in the deflate operation of Zlib (CVE-2018-25032), which you can find out more about at this link.

IBM i Release 5770-999 PTF Number 7.5 MF70403 7.4 MF70398

And third, take a gander at Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to denial of service due to GraphQL Java (CVE-2022-37734), which you can see more about here. This is for IBM WebSphere Application Server Liberty 17.0.0.3 – 22.0.0.11 using the mpGraphQL-1.0 or mpGraphQL-2.0 features.

Now, here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:

Backup Recovery Solutions

Db2 Web Query for i V2.3.0

QMGTools

PTF Groups 7.4:

Backup Recovery Solutions

Db2 Web Query for i V2.3.0

Fix list for IBM WebSphere Application Server Liberty

QMGTools

PTF Groups 7.3:

Backup Recovery Solutions

Fix list for IBM WebSphere Application Server Liberty

QMGTools

PTF Groups 7.2:

QMGTools

New (or Updated) links added to the ‘Links’ tab in the guide this week:

DB2: Db2 Mirror Services (SQL), 6829119

NVME: Creating NVMe namespaces and adding them to an ASP, 6472897

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

None

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

IBM i Access: ACS Updates for Windows, 6435239

New (or Updated) links added to the ‘Prtr Links’ tab in the guide this week:

Creating a Workstation Customizing Object – Simplified, 644105

Drawer Redirection for HP PCL5 Compatible Printers, 683081

Tips/Definitions: How long has it been since you deleted your SQLPKG’s?

The Guide at a glance: There are new defectives this week (10/29/22). Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- ------- 7.5 10/17/22 SI80935 SE78596 SI81306 (Latest TR required, read cover letter) 7.4 10/06/22 SI78850 SE78596 SI81304 (When available) 7.3 10/06/22 SI79965 SE78596 SI81305 (When available) 7.2 12/08/21 SI77634 SE73420 SI78039 (Read the link in the guide!)

Be sure to access the link in the Guide for further details.

