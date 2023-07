IBM i PTF Guide, Volume 25, Number 30

Doug Bidwell

The security vulnerabilities in the IBM i software stack are coming in waves. This week, there are three more to report, two of which we detail separately in this issue.

First, we have Security Bulletin: IBM Facsimile Support for i is vulnerable to local privilege escalation (CVE-2023-30988), which you can find out more about here. The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 installed with 5798-FAX version V5R8M0 will be fixed. IBM i Release, 5798-FAX,V5R8M0 PTF Number SI83583 for 7.5, 7.4, 7.3, 7.2 – read the cover letter.

Second, we have Security Bulletin: IBM Performance Tools for i is vulnerable to local privilege escalation (CVE-2023-30989), with more information at this link. The issue can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed. The IBM i PTF numbers for 5770-PT1 IBM Performance Tools for i contain the fix for the vulnerability:

IBM i Release 5770-PT1 PTF Number 7.5 SI83383 7.4 SI83383 7.3 SI83382 7.2 SI83381

Third, we have Security Bulletin: IBM Db2 Web Query for i is vulnerable to arbitrary code execution due to SnakeYaml [CVE-2022-1471], with more information at this link. Release 2.3.0 and 2.4.0 are supported and can be fixed by applying Program Temporary Fixes (PTFs) to the IBM i. The PTF numbers containing the fix for this vulnerability are in the following table:

IBM Db2 Web Query for i Release 5733WQX PTFs to apply for remediation:

IBM i LicPgm Group PTF - Level to apply for remediation 5733WQX 2.3.0 7.5 SF99671 - 09 7.4 SF99654 - 09 7.3 SF99533 - 09 5733WQX 2.4.0 SI83837----->Applies to any IBM i release SI83838----->Applies to any IBM i release

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:

HIPERs (High Impact/Pervasive)

Security

Db2 Web Query for i V2.3.0

Temporary Storage PTFs

PTF Groups 7.4:

HIPERs (High Impact/Pervasive)

Security

Db2 Web Query for i V2.3.0

PTF Groups 7.3:

HIPERs (High Impact/Pervasive)

Security

Db2 Web Query for i V2.3.0

Tip O’ The Week: We also want to remind you that IBM’s TechXchange 2023 conference is coming up, running from September 11 through 14. This is a must-attend event for technologists using IBM products and solutions, with over a thousand technical breakout sessions, hands-on experiences, product demonstrations, instructor-led labs, and certifications tailored to your interests. The agenda is packed and is available here.

New (or Updated) links added to the ‘Links’ tab in the guide this week:

Nothing new here to report

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

Nothing here, either

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

DCM: How to Renew a Local Certificate Authority (CA) in Digital Certificate Manager for i (DCM), 6614751

Media: IBM Navigator for i – A whole new world, YouTube 2022

WebQuery: Info APAR for DB2 Web Query on i V2R2M0, 1409871

WebQuery: DB2 Web Query for i, N/A

WebQuery: Web Query-PTFs and On-going Service, 1274716

WebQuery: WebQuery Release 2.3.0 PTFs and On-going Service, 6855673

WebQuery: WebQuery New Features All Releases, 1282156

New (or Updated) links added to the ‘Prtr Links’ tab in the guide this week:

Nothing here

New (or Updated) links Redbooks added this week:

And nothing here as well.

The Guide at a glance: There are new defectives this week (07/22/23). Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- ------------------------ 7.5 07/07/23 SI83652 SE80124 SI84074 (When available) SI83634 SI83569 SI83484 SI83436 SI83434 SI83413 SI83330 SI83285 7.4 07/07/23 SI83651 SE80124 SI84075 (When available) SI83633 SI83437 SI83435 SI83412 SI83327 SI83284 7.3 05/26/23 SI79287 SE79905 SI83578 (When available)

Be sure to access the link in the Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

July 22, 2023: Volume 25, Number 30

July 15, 2023: Volume 25, Number 29

July 8, 2023: Volume 25, Number 28

July 1, 2023: Volume 25, Number 27

June 24, 2023: Volume 25, Number 26

June 17, 2023: Volume 25, Number 25

June 10, 2023: Volume 25, Number 24

June 3, 2023: Volume 25, Number 23

May 27, 2023: Volume 25, Number 22

May 20, 2023: Volume 25, Number 21

May 13, 2023: Volume 25, Number 20

May 6, 2023: Volume 25, Number 19

April 29, 2023: Volume 25, Number 18

April 22, 2023: Volume 25, Number 17

April 15, 2023: Volume 25, Number 16

April 8, 2023: Volume 25, Number 15

April 1, 2023: Volume 25, Number 14

March 25, 2023: Volume 25, Number 13

March 18, 2023: Volume 25, Number 12

March 11, 2023: Volume 25, Number 11

March 4, 2023: Volume 25, Number 10

February 25, 2023: Volume 25, Number 9

February 18, 2023: Volume 25, Number 8

February 13, 2023: Volume 25, Number 7

February 4, 2023: Volume 25, Number 6

January 28, 2023: Volume 25, Number 5

January 21, 2023: Volume 25, Number 4

January 14, 2023: Volume 25, Number 3

January 7, 2023: Volume 25, Number 2

January 1, 2023: Volume 25, Number 1

December 10, 2022: Volume 24, Number 50

December 3, 2022: Volume 24, Number 49

November 26, 2022: Volume 24, Number 48

November 19, 2022: Volume 24, Number 47

November 12, 2022: Volume 24, Number 46

November 5, 2022: Volume 24, Number 45

October 29, 2022: Volume 24, Number 44

October 22, 2022: Volume 24, Number 43

October 15, 2022: Volume 24, Number 42

October 8, 2022: Volume 24, Number 41

October 1, 2022: Volume 24, Number 40

September 24, 2022: Volume 24, Number 39

September 17, 2022: Volume 24, Number 38

September 10, 2022: Volume 24, Number 37

September 3, 2022: Volume 24, Number 36

August 27, 2022: Volume 24, Number 35

August 20, 2022: Volume 24, Number 34

August 13, 2022: Volume 24, Number 33

August 6, 2022: Volume 24, Number 32

July 30, 2022: Volume 24, Number 31

July 23, 2022: Volume 24, Number 30

July 16, 2022: Volume 24, Number 29

July 9, 2022: Volume 24, Number 28

June 25, 2022: Volume 24, Number 26

June 18, 2022: Volume 24, Number 25

June 11, 2022: Volume 24, Number 24

June 4, 2022: Volume 24, Number 23

May 28, 2022: Volume 24, Number 22

May 25, 2022: Volume 24, Number 21

May 14, 2022: Volume 24, Number 20

May 7, 2022: Volume 24, Number 19

April 30, 2022: Volume 24, Number 18

April 23, 2022: Volume 24, Number 17

April 16, 2022: Volume 24, Number 16

April 2, 2022: Volume 24, Number 14

March 26, 2022: Volume 24, Number 13

March 19, 2022: Volume 24, Number 12

March 12, 2022: Volume 24, Number 11

March 5, 2022: Volume 24, Number 10

February 26, 2022: Volume 24, Number 9

February 19, 2022: Volume 24, Number 8

February 12, 2022: Volume 24, Number 7

February 5, 2022: Volume 24, Number 6

January 29, 2022: Volume 24, Number 5

January 22, 2022: Volume 24, Number 4

January 15, 2022: Volume 24, Number 3

January 8, 2022: Volume 24, Number 2

January 1, 2022: Volume 24, Number 1

December 6, 2021: Volume 23, Number 48

November 20, 2021: Volume 23, Number 47

November 13, 2021: Volume 23, Number 46

November 6, 2021: Volume 23, Number 45

October 30, 2021: Volume 23, Number 44

October 23, 2021: Volume 23, Number 43

October 16, 2021: Volume 23, Number 42

October 9, 2021: Volume 23, Number 41

October 2, 2021: Volume 23, Number 40

September 25, 2021: Volume 23, Number 39

September 18, 2021: Volume 23, Number 38

September 11, 2021: Volume 23, Number 37

September 4, 2021: Volume 23, Number 36

August 28, 2021: Volume 23, Number 35

August 21, 2021: Volume 23, Number 34

August 14, 2021: Volume 23, Number 33

August 7, 2021: Volume 23, Number 32

July 31, 2021: Volume 23, Number 31

July 24, 2021: Volume 23, Number 30

July 17, 2021: Volume 23, Number 29

July 10, 2021: Volume 23, Number 28

July 3, 2021: Volume 23, Number 27

June 26, 2021: Volume 23, Number 26

June 19, 2021: Volume 23, Number 25

June 12, 2021: Volume 23, Number 24

June 5, 2021: Volume 23, Number 23

June 5, 2021: Volume 23, Number 22

May 22, 2021: Volume 23, Number 21

May 15, 2021: Volume 23, Number 20

May 8, 2021: Volume 23, Number 19

May 1, 2021: Volume 23, Number 18