IBM i PTF Guide, Volume 25, Number 14

Doug Bidwell

The IBM i 7.4 Technology Refresh 8 marker PTF is out, and we see it in HTTP Server Group 26. Nothing special so far, just the indication that it is out, but nothing on 7.3 or 7.5 groups, yet – only 7.4. Thank you, Jozef in New Zealand, for catching that, and sharing it! The Four Hundred collective thinks the IBM i TRs might be coming on April 11, but that has not been confirmed by Big Blue as yet.

We mostly suspect this will happen because that is when ITJ Editor Alex Woodie scheduled a trip to Hawaii with his family. . . .

Now, we have two security vulnerabilities and one patch that you need to be aware of.

First, we have Security Bulletin: IBM Db2 Web Query for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928), which you can find more about at this link. Patches by IBM i release are:

IBM Db2 Web Query for i 5733WQX WQ Vers PTF VRM 5770DG1 Group PTF 2.3.0 SI82122, 7.5 SF99952 - 06 SI82140, 7.4 SF99662 - 26 SI82141 7.3 SF99722 - 43 2.4.0 SI82416, 7.5 SF99952 - 06 SI82119, 7.4 SF99662 - 26 SI82118

I realize the table reads crazy, but you need all three PTFs for each IBM i release.

Second, we have Security Bulletin: IBM Navigator for i and IBM Digital Certificate Manager for i are vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928). You can get more details about that here, and the patches are:

5770-DG1 IBM i Group Level 7.5 SF99952 - 06 7.4 SF99662 - 27 7.3 SF99722 - 44

Now, here is a bug you need to be aware of: ADMIN4 Job Terminates Suddenly When A User Profile Without *ALLOBJ and *IOSYSCFG Authority Accesses the IBM Web Administration GUI. Find out more about this here. Issue is introduced after applying the following IBM i HTTP Group PTF levels:

IBM i 7.5 – SF99952 level 5

IBM i 7.4 – SF99662 level 25

IBM i 7.3 – SF99722 level 42

Fixing PTF – 5770SS1:

IBM i 7.5 – SI82677

IBM i 7.4 – SI82679

IBM i 7.3 – SI82681

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:

Java

SAP

PTF Groups 7.4:

Java

SAP

PTF Groups 7.3:

IBM HTTP Server for i

SAP

PTF Groups 7.2:

Nothing here.

New (or Updated) links added to the ‘Links’ tab in the guide this week:

Nothing

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

Nadda

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

IBM i Access Client Solutions 5250 Macro Scripting, 666543

Digital Certificate Manager (DCM) Data Locations, Cleanup, and Recovery Information, 686981

New (or Updated) links added to the ‘Prtr Links’ tab in the guide this week:

Nothing here, either

New (or Updated) links Redbooks added this week:

Why doesn’t IBM do Redbooks the way it used to?

Tips/Definitions: Here is a cool little thing discovered and shared by our friend and reader, Joe Koontz. With ACS, the “active field” can be highlighted. To set this effect, do the following:

On the ACS screen –

Do this click sequence – Edit > Preferences > Appearance > Color > Other > Active field.

Click Yes to Highlight active field.

Toggle the dropdown for Background color. (Defaults to Yellow.)

The active field is whatever field your cursor is on, and now its colorful! Thank you, Joe.

The Guide at a glance: There are new defectives this week (04/01/23). Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- ------- 7.5 02/24/23 MF70684 MA50069 MF70751 (When available) 7.4 02/24/23 MF70688 MA50069 MF70747 (When available) 7.3 02/22/23 MF70677 MA50059 MF70736 (When available) MF70600 MF70440 7.2 12/08/21 SI77634 SE73420 SI78039 (Read the link in the guide!)

Be sure to access the link in the Guide for further details.

