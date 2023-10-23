IBM i PTF Guide, Volume 25, Number 43

Doug Bidwell

Busy, busy, busy. That is what the good people at IBM Rochester have been in the past week, with a slew of PTFs for the currently supported releases – that is IBM i 7.5 and IBM i 7.4 that are on standard support and IBM i 7.3 that just went into extended support at the end of September, a trio of security vulnerabilities in the IBM i stack, and two group PTFs for the IBM i 7.2 release that is supposed to be kaput.

Let’s start with the security vulnerabilities.

First, we have Security Bulletin: IBM i is vulnerable to a local privilege escalation due to a flaw in IBM Directory Server for i (CVE-2023-40378), which you can find out more about at this link. The issue can be fixed by applying a PTF to IBM i releases 7.5, 7.4, 7.3, and 7.2, as follows:

IBM i Release 5770-SS1 7.5 SI84813 7.4 SI84817 7.3 SI84842 7.2 SI84836

Second, there is Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to man-in-the-middle spoofing attack (CVE-2022-39161), with more information about it at this link. The IBM i PTF numbers for 5770-DG1 contain the fix for the vulnerability.

IBM i Release 5770-DG1 PTF Numbers 7.5 SI84088 7.4 SI84093 7.3 SI84087

Third, we have Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to a stack exhaustion flaw (CVE-2023-3341) and you can find out more here about this security issue. The IBM i PTF number for 5770-SS1 Option 31 contains the fix for the vulnerability.

IBM i Release 5770-SS1 Option 31 PTF Number 7.5 SI84740 7.4 SI84743 7.3 SI84747 7.2 SI84797

Just a reminder: The SF99719 720 Group HIPER – level 236 is available at this link, and the SF99718 720 Group Security – level 125 is available at this link.

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:

HIPERs (High Impact/Pervasive)

Security

Fix list for IBM WebSphere Application Server Liberty

WebSphere Application Server traditional V9.0

WebSphere Application Server V8.5

IBM HTTP Server for i

MustGather: How To Obtain and Install QMGTOOLS

RPG Café

PTF Groups 7.4:

HIPERs (High Impact/Pervasive)

Security

Fix list for IBM WebSphere Application Server Liberty

WebSphere Application Server traditional V9.0

WebSphere Application Server V8.5

IBM HTTP Server for i

MustGather: How To Obtain and Install QMGTOOLS

RPG Café

PTF Groups 7.3:

HIPERs (High Impact/Pervasive)

Security

Fix list for IBM WebSphere Application Server Liberty

WebSphere Application Server traditional V9.0

WebSphere Application Server V8.5

IBM HTTP Server for i

MustGather: How To Obtain and Install QMGTOOLS

RPG Café

Tip O’ The Week: Starting October 24, 2023, these selected LPPs and optional features will no longer be ordered separately but instead will be automatically included with all IBM i operating system orders and upgrades. For the LPPs and features that required software license keys, the license checking function will be removed, and, therefore, these software programs will no longer need keys applied. See more at this link. The IBM i (5770-SS1) PTFs which remove the license checking function will be available on October 24, 2023, and are as follows:

IBM i 7.5: SI83648

IBM i 7.4: SI83647

IBM i 7.3: SI83646

IBM i 7.2: SI83645

IBM i 7.1: SI84524

New (or Updated) links added to the ‘Links’ tab in the guide this week:

ARE: IBM Administration Runtime Expert for i, 664465

WebQuery: Traditional Install and Uninstall, 6523844

WAS/JAVA: IBM WebSphere Application Server v8.5 on IBM i Fails to Start Or TLS/HTTPS Fails After Updating IBM i Java Group PTF, 7047471

Temp Addr: Temporary Addresses, 638971

Virus: Viruses, Malware, Spyware, Ransomware, the IBM i Operating System, and the Integrated File System, 667265

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

Nothing

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

ACS_NAV: IBM Navigator for i – new version, 6483299

New (or Updated) links added to the ‘Prtr Links’ tab in the guide this week:

Nothing

New (or Updated) links Redbooks added this week:

Nothing

The Guide at a glance: There are new defectives this week (10/21/23). Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- ------------------------ 7.5 10/06/23 SI84569 SE80598 xxxxxxx (When available) 7.4 10/06/23 SI84583 SE80598 xxxxxxx (When available) 7.3 10/06/23 SI84586 SE80598 xxxxxxx (When available)

Be sure to access the link in the Guide for further details.

