IBM i PTF Guide, Volume 25, Number 37
September 18, 2023 Doug Bidwell
There are a few things you can count on in life. Death. Taxes. Coffee. Beer. The love of a good woman. And a seemingly endless barrage of security vulnerabilities for every computing platform on Earth. There are a bunch of the latter that are new to the IBM i platform this week.
First, we have Security Bulletin: OpenSSL and OpenSSH for IBM i are vulnerable to arbitrary code execution, denial of service, and security restrictions bypass due to multiple vulnerabilities, which you can find out more about at this link. The IBM i PTF number for 5733-SC1 contains the fixes for the vulnerabilities:
IBM i Release PTF Number 7.5 SI84261 7.4, 7.3, 7.2 SI84245
Second, we have Security Bulletin: IBM i Modernization Engine for Lifecycle Integration (Merlin) is vulnerable to multiple vulnerabilities, with more information about it here. IBM i Modernization Engine for Lifecycle Integration, Version(s) 1.0 – 1.4.3, follow instructions to download and install v1.4.4
Third, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690). More information here, and the issue can be fixed by applying a PTF to IBM i:
IBM i Release PTF Number 7.5 SI84198 7.4 SI84195 7.3 SI84194 7.2 SI84193
Fourth, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to arbitrary code execution due to an unsafe deserialization flaw (CVE-2022-40609), with details about it at this link. The IBM i Group PTF numbers contain the fixes for the vulnerabilities:
IBM i Release Group PTF Number and Level 7.5 SF99955 Level 6 7.4 SF99665 Level 19 7.3 SF99725 Level 29
Furthermore, there are some security and HIPER updates for IBM i 7.2. Information about the SF99719 720 Group HIPER – level 233 at this link, and information about SF99718 720 Group Security – level 122 at this link.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
- Security
- IBM MQ for IBM i – v9.2.0/v9.3.0
PTF Groups 7.4:
- HIPERs (High Impact/Pervasive)
- Security
- MQ for IBM i – v9.0.0/v9.1.0/v9.2.0/v9.3.0
PTF Groups 7.3:
- HIPERs (High Impact/Pervasive)
- Security
- MQ for IBM i – v7.1.0/v8.0.0/V9.0.0/V9.1/V9.2
Tip O’ The Week: RSTLIB SAVLIB(*NONSYS) DEV(TAP01) OUTPUT(*PRINT) DFRID(*DFT)
Read this link for more info.
New (or Updated) links added to the ‘Links’ tab in the guide this week:
- Merlin: IBM i Modernization Engine for Lifecycle Integration (Merlin) Overview, 6574839
- FAX400: Upgrading and Installing Facsimile Support, 644725
- FAX400 : Frequently Asked Questions on Upgrading and Installing Facsimile Support, 644201
- SST: Default SST profiles with default passwords are Expired after PTF upgrade, 1127871
- QNTC: IBM i NetClient file system (QNTC), N/A
New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:
- Nothing here
New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:
- Nothing here, too
New (or Updated) links added to the ‘Prtr Links’ tab in the guide this week:
- Nothing here as well
New (or Updated) links Redbooks added this week:
- IBM Power S1014, S1022s, S1022, and S1024 Technical Overview and Introduction
- IBM Power E1050: Technical Overview and Introduction
- IBM Power E1080: Technical Overview and Introduction
The Guide at a glance: There are new defectives this week (09/09/23). Here is the defective PTF rundown, which is the last defective for each release:
Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- ------------------------ 7.5 08/25/23 SI84098 SE80391 SI84411 (When available) 7.4 08/25/23 SI84153 SE80391 SI84419 (When available) 7.3 08/25/23 SI84157 SE80391 SI84438 (When available)
Be sure to access the link in the Guide for further details.
Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:
September 9, 2023: Volume 25, Number 37
September 2, 2023: Volume 25, Number 36
August 26, 2023: Volume 25, Number 35
August 19, 2023: Volume 25, Number 34
August 12, 2023: Volume 25, Number 33
August 5, 2023: Volume 25, Number 32
July 29, 2023: Volume 25, Number 31
July 22, 2023: Volume 25, Number 30
July 15, 2023: Volume 25, Number 29
July 8, 2023: Volume 25, Number 28
July 1, 2023: Volume 25, Number 27
June 24, 2023: Volume 25, Number 26
June 17, 2023: Volume 25, Number 25
June 10, 2023: Volume 25, Number 24
June 3, 2023: Volume 25, Number 23
May 27, 2023: Volume 25, Number 22
May 20, 2023: Volume 25, Number 21
May 13, 2023: Volume 25, Number 20
May 6, 2023: Volume 25, Number 19
April 29, 2023: Volume 25, Number 18
April 22, 2023: Volume 25, Number 17
April 15, 2023: Volume 25, Number 16
April 8, 2023: Volume 25, Number 15
April 1, 2023: Volume 25, Number 14
March 25, 2023: Volume 25, Number 13
March 18, 2023: Volume 25, Number 12
March 11, 2023: Volume 25, Number 11
March 4, 2023: Volume 25, Number 10
February 25, 2023: Volume 25, Number 9
February 18, 2023: Volume 25, Number 8
February 13, 2023: Volume 25, Number 7
February 4, 2023: Volume 25, Number 6
January 28, 2023: Volume 25, Number 5
January 21, 2023: Volume 25, Number 4
January 14, 2023: Volume 25, Number 3
January 7, 2023: Volume 25, Number 2
January 1, 2023: Volume 25, Number 1
December 10, 2022: Volume 24, Number 50
December 3, 2022: Volume 24, Number 49
November 26, 2022: Volume 24, Number 48
November 19, 2022: Volume 24, Number 47
November 12, 2022: Volume 24, Number 46
November 5, 2022: Volume 24, Number 45
October 29, 2022: Volume 24, Number 44
October 22, 2022: Volume 24, Number 43
October 15, 2022: Volume 24, Number 42
October 8, 2022: Volume 24, Number 41
October 1, 2022: Volume 24, Number 40
September 24, 2022: Volume 24, Number 39
September 17, 2022: Volume 24, Number 38
September 10, 2022: Volume 24, Number 37
September 3, 2022: Volume 24, Number 36
August 27, 2022: Volume 24, Number 35
August 20, 2022: Volume 24, Number 34
August 13, 2022: Volume 24, Number 33
August 6, 2022: Volume 24, Number 32
July 30, 2022: Volume 24, Number 31
July 23, 2022: Volume 24, Number 30
July 16, 2022: Volume 24, Number 29
July 9, 2022: Volume 24, Number 28
June 25, 2022: Volume 24, Number 26
June 18, 2022: Volume 24, Number 25
June 11, 2022: Volume 24, Number 24
June 4, 2022: Volume 24, Number 23
May 28, 2022: Volume 24, Number 22
May 25, 2022: Volume 24, Number 21
May 14, 2022: Volume 24, Number 20
May 7, 2022: Volume 24, Number 19
April 30, 2022: Volume 24, Number 18
April 23, 2022: Volume 24, Number 17
April 16, 2022: Volume 24, Number 16
April 2, 2022: Volume 24, Number 14
March 26, 2022: Volume 24, Number 13
March 19, 2022: Volume 24, Number 12
March 12, 2022: Volume 24, Number 11
March 5, 2022: Volume 24, Number 10
February 26, 2022: Volume 24, Number 9
February 19, 2022: Volume 24, Number 8
February 12, 2022: Volume 24, Number 7
February 5, 2022: Volume 24, Number 6
January 29, 2022: Volume 24, Number 5
January 22, 2022: Volume 24, Number 4
January 15, 2022: Volume 24, Number 3
January 8, 2022: Volume 24, Number 2
January 1, 2022: Volume 24, Number 1
December 6, 2021: Volume 23, Number 48
November 20, 2021: Volume 23, Number 47
November 13, 2021: Volume 23, Number 46
November 6, 2021: Volume 23, Number 45
October 30, 2021: Volume 23, Number 44
October 23, 2021: Volume 23, Number 43
October 16, 2021: Volume 23, Number 42
October 9, 2021: Volume 23, Number 41
October 2, 2021: Volume 23, Number 40
September 25, 2021: Volume 23, Number 39
September 18, 2021: Volume 23, Number 38
