IBM i PTF Guide, Volume 24, Number 49

December 7, 2022 Doug Bidwell

It is another one of those weeks when there are a slew of security vulnerabilities to attend to. Four that we know of, to be precise.

First, there is Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google protobuf-java (CVE-2022-3171, CVE-2022-3509), which you can read more about at this link. This vulnerability affects IBM WebSphere Application Server Liberty versions 21.0.0.2 through 22.0.0.12.

Second, there is Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178), which you can find out more about here. The IBM i PTF numbers contain the fix for the vulnerabilities:

IBM i Release 5770-SS1		PTF Number 
7.5				SI81706	
7.4				SI81707	
7.3				SI81708	
7.2				SI81709

Third, there is Security Bulletin: Digital Certificate Manager for IBM i is vulnerable to cross-site scripting (CVE-2022-34358), which you can see more about here. The IBM i PTF numbers contain the fix for the vulnerability:

IBM i Release 5770-SS1		PTF Number
7.5				SI80415	
7.4				SI80414	
7.3				SI80413	
7.2				SI80412	

<pre class=”code”>

Additional URLs were identified that can be used for a cross-site scripting attack resulting in superseded PTFs. The IBM i superseding PTF numbers contain the fix for the vulnerability:

IBM i Release	5770-SS1	PTF Number	
7.5				SI81854	
7.4				SI81853	
7.3				SI81852	
7.2				SI81845	

It is recommended that the heritage version of Digital Certificate Manager not be used. PTFs are available that disable the heritage version of Digital Certificate Manager. IBM i releases 7.5, 7.4, and 7.3 will be disabled. The IBM i PTF numbers to disable heritage version of Digital Certificate Manager:

IBM i Release	5770-DG1	PTF Number
7.5				SI81417	
7.4				SI81418	
7.3				SI81419

And fourth, there is Security Bulletin: ISC DHCP server for IBM i is vulnerable to a denial of service attack due to a memory leak and reference count overflow (CVE-2022-2928, CVE-2022-2929), which you can get more information about at this link here. The IBM i PTF numbers contain the fix for the vulnerabilities.

IBM i Release	5770-SS1	PTF Number
7.5				SI81438
7.4				SI81439
7.3				SI81440
7.2				SI81441

Now, here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:

• Latest Cumulative PTF Package
• HIPERs (High Impact/Pervasive)
• Security
• Technology Refresh
• DB2 for IBM i

PTF Groups 7.4:

• Latest Cumulative PTF Package
• HIPERs (High Impact/Pervasive)
• Security
• Technology Refresh
• DB2 for IBM i
• IBM Db2 Mirror for i
• Temporary Storage PTFs

PTF Groups 7.3:

• Latest Cumulative PTF Package
• HIPERs (High Impact/Pervasive)
• Security
• Technology Refresh

PTF Groups 7.2:

• HIPERs (High Impact/Pervasive)
• Security

New (or Updated) links added to the ‘Links’ tab in the guide this week:

• DBU: ProData – Home of DBU

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

• None

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

• None

New (or Updated) links added to the ‘Prtr Links’ tab in the guide this week:

• Nadda

Tips/Definitions: How long has it been since you did a SAVE 21?

The Guide at a glance: There are no new defectives this week (12/03/22). Here is the defective PTF rundown, which is the last defective for each release:

	Defect		Defective	APAR	Fixing
	Date		PTF			PTF
	--------	--------	-------	-------
7.5	11/22/22	SI81328		SE78918	SI81867 (When available)
7.4	12/01/22	MF69286	MA49947	MF70500 (When available)
7.3	12/01/22	MF69085	MA49947	MF70499 (When available)
7.2	12/08/21	SI77634		SE73420	SI78039	(Read the link in the guide!)

Be sure to access the link in the Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

December 3, 2022: Volume 24, Number 49

November 26, 2022: Volume 24, Number 48

November 19, 2022: Volume 24, Number 47

November 12, 2022: Volume 24, Number 46

November 5, 2022: Volume 24, Number 45

October 29, 2022: Volume 24, Number 44

October 22, 2022: Volume 24, Number 43

October 15, 2022: Volume 24, Number 42

October 8, 2022: Volume 24, Number 41

October 1, 2022: Volume 24, Number 40

September 24, 2022: Volume 24, Number 39

September 17, 2022: Volume 24, Number 38

September 10, 2022: Volume 24, Number 37

September 3, 2022: Volume 24, Number 36

August 27, 2022: Volume 24, Number 35

August 20, 2022: Volume 24, Number 34

August 13, 2022: Volume 24, Number 33

August 6, 2022: Volume 24, Number 32

July 30, 2022: Volume 24, Number 31

July 23, 2022: Volume 24, Number 30

July 16, 2022: Volume 24, Number 29

July 9, 2022: Volume 24, Number 28

June 25, 2022: Volume 24, Number 26

June 18, 2022: Volume 24, Number 25

June 11, 2022: Volume 24, Number 24

June 4, 2022: Volume 24, Number 23

May 28, 2022: Volume 24, Number 22

May 25, 2022: Volume 24, Number 21

May 14, 2022: Volume 24, Number 20

May 7, 2022: Volume 24, Number 19

April 30, 2022: Volume 24, Number 18

April 23, 2022: Volume 24, Number 17

April 16, 2022: Volume 24, Number 16

April 2, 2022: Volume 24, Number 14

March 26, 2022: Volume 24, Number 13

March 19, 2022: Volume 24, Number 12

March 12, 2022: Volume 24, Number 11

March 5, 2022: Volume 24, Number 10

February 26, 2022: Volume 24, Number 9

February 19, 2022: Volume 24, Number 8

February 12, 2022: Volume 24, Number 7

February 5, 2022: Volume 24, Number 6

January 29, 2022: Volume 24, Number 5

January 22, 2022: Volume 24, Number 4

January 15, 2022: Volume 24, Number 3

January 8, 2022: Volume 24, Number 2

January 1, 2022: Volume 24, Number 1

December 6, 2021: Volume 23, Number 48

November 20, 2021: Volume 23, Number 47

November 13, 2021: Volume 23, Number 46

November 6, 2021: Volume 23, Number 45

October 30, 2021: Volume 23, Number 44

October 23, 2021: Volume 23, Number 43

October 16, 2021: Volume 23, Number 42

October 9, 2021: Volume 23, Number 41

October 2, 2021: Volume 23, Number 40

September 25, 2021: Volume 23, Number 39

September 18, 2021: Volume 23, Number 38

September 11, 2021: Volume 23, Number 37

September 4, 2021: Volume 23, Number 36

August 28, 2021: Volume 23, Number 35

August 21, 2021: Volume 23, Number 34

August 14, 2021: Volume 23, Number 33

August 7, 2021: Volume 23, Number 32

July 31, 2021: Volume 23, Number 31

July 24, 2021: Volume 23, Number 30

July 17, 2021: Volume 23, Number 29

July 10, 2021: Volume 23, Number 28

July 3, 2021: Volume 23, Number 27

June 26, 2021: Volume 23, Number 26

June 19, 2021: Volume 23, Number 25

June 12, 2021: Volume 23, Number 24

June 5, 2021: Volume 23, Number 23

June 5, 2021: Volume 23, Number 22

May 22, 2021: Volume 23, Number 21

May 15, 2021: Volume 23, Number 20

May 8, 2021: Volume 23, Number 19

May 1, 2021: Volume 23, Number 18

April 24, 2021: Volume 23, Number 17

April 17, 2021: Volume 23, Number 16

April 10, 2021: Volume 23, Number 15

April 3, 2021: Volume 23, Number 14

March 27, 2021: Volume 23, Number 13

March 20, 2021: Volume 23, Number 12

March 13, 2021: Volume 23, Number 11

March 6, 2021: Volume 23, Number 10

February 27, 2021: Volume 23, Number 9

February 20, 2021: Volume 23, Number 8

February 13, 2021: Volume 23, Number 7

February 6, 2021: Volume 23, Number 6

January 31, 2021: Volume 23, Number 5

January 23, 2021: Volume 23, Number 4

January 16, 2021: Volume 23, Number 3

January 9, 2021: Volume 23, Number 2

January 2, 2021: Volume 23, Number 1

December 26, 2020: Volume 22, Number 52

December 19, 2020: Volume 22, Number 51

December 12, 2020: Volume 22, Number 50

December 5, 2020: Volume 22, Number 49