IBM i PTF Guide, Volume 26, Number 6

February 12, 2024 Doug Bidwell

This week we have three new security vulnerabilities, but first we want to remind you that you need to prepare firewalls and proxies for the upcoming infrastructure changes for IBM Call Home, Electronic Fix Distribution. This is considered HIPER by IBM (High Impact/Pervasive), which you can read about here. Public Internet IP addresses are changing for the IBM servers that support Call Home and electronic download of fixes for customer systems’ software, hardware, and operating system. This change pertains to all operating systems and applications connecting to IBM for electronic Call Home and fix download. If you have a firewall in your network, you might need to make changes to allow the new connections.

Now for the security vulnerabilities.

First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a denial of service and integrity impact due to multiple vulnerabilities, which you can read about here. The PTF fixes are as follows:

IBM i Release	5770-JV1 PTF Group Number and Level
7.5	SF99955 Level 8
7.4	SF99665 Level 21
7.3	SF99725 Level 31

Second, we have Security Bulletin: IBM i Access Client Solutions is vulnerable to remote credential theft when NTLM is enabled on Windows workstations, which is detailed at this link. IBM recommends not using NT LAN Manager (NTLM). For information on restricting NTLM, see section 11.1.4 Restricting Windows NTLM in the Getting Started document for IBM i Access Client Solutions with a publish date of January 24, 2024, or later.

And finally, we have Security Bulletin: IBM Rational Developer for i is vulnerable to a phishing attack due to a flaw in follow-redirects (CVE-2023-26159), with more information at this link. The issue can be fixed by loading an interim fix, which is available at Fix Central for IBM Rational Developer for i versions 9.8.0.0 – 9.8.0.1.

Here is the latest on the mystery of the disappearing QSYS library. If you use SF99740 and SF99741 downloaded from this week, then there shouldn’t be any issues with applying any of the groups. The fixing PTF SI85707 is included in the latest DB group, even though it does not have a new level and does not have a cover letter. If you are using either of those Group PTF orders from prior weeks, then the workaround we described last week is the best course of action.

Be careful here. When you order SF99740, you will receive several .bin files. Those beginning with a C are the Cume, the others are the DB and HIPER groups. The workaround is to install and IPL the cume first, then the DB and HIPERs, along with all the groups downloaded in SF99741.

Also, be aware of WebSphere Application Server 101, which is a support content hub for product knowledge and documentation for that IBM middleware and which you can find out more about here.

And moreover, be aware of preparing customer firewalls and proxies for the upcoming infrastructure changes for Call Home, Electronic Fix Distribution. This is considered a HIPER (High Impact/Pervasive) by IBM. Public Internet IP addresses are changing for the IBM servers that support Call Home and electronic download of fixes for customer systems’ software, hardware, and operating system. This change pertains to all operating systems and applications connecting to IBM for electronic Call Home and fix download. If you have a firewall in your network, you might need to make changes to allow the new connections. Find out more at this link.

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:

PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
PowerHA Tools for IBM i – Full System Replication (FSR)
HIPERs (High Impact/Pervasive)
Security
Memo to Users
MustGather: How To Obtain and Install QMGTOOL

PTF Groups 7.4:

PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
PowerHA Tools for IBM i – Full System Replication (FSR)
HIPERs (High Impact/Pervasive)
Security
MustGather: How To Obtain and Install QMGTOOLS

PTF Groups 7.3:

PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
PowerHA Tools for IBM i – Full System Replication (FSR)
HIPERs (High Impact/Pervasive)
Security
MustGather: How To Obtain and Install QMGTOOLS

Tip O’ The Week: CHGDEVTAP UNLOAD change now allowed while device is varied on. With IBM i 7.5 PTF MF70244, the Change Device Desc (Tape) command (CHGDEVTAP) will now allow the UNLOAD (Unload device at vary off) parameter to be modified while the device is varied on. Also, security note: When the Password Level (QPWDLVL) system value is set to 4, IBM i Access Client Solutions (ACS) version 1.1.9.0 or later is required to connect to that system using ACS.

New (or Updated) links added to the ‘Links’ tab in the guide this week:

PTF: Process to Load Virtual Images From Fix Central, 634525
System/AddressesTemporary Addresses, 638971

New (or Updated) links added to the ‘QMGtools’ tab in the guide this week:

None

New (or Updated) links added to the ‘ACS_NAV’ tab in the guide this week:

None

New (or Updated) links added to the ‘Prtr Links’ tab in the guide this week:

Video: Configuring a *LAN 3812 SNMP Device Description, 644613

New (or Updated) links Redbooks added this week:

None

The Guide at a glance: There are new defectives this week (02/10/24). Here is the defective PTF rundown, which is the last defective for each release:

	Defect		Defective	APAR	Fixing
	Date		PTF			PTF
	--------	--------	-------	------------------------	
7.5	01/10/24	SI85576		SE81023	SI85663 (When available)
7.4	01/24/24	SI84712		SE81069	SI85707 (Read Special INstructions!!)
			SI84563
			SI83654
7.3	01/10/24	SI85576		SE81023	SI85663 (When available)

Be sure to access the link in the Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

February 10, 2024: Volume 26, Number 6

February 3, 2024: Volume 26, Number 5

January 27, 2024: Volume 26, Number 4

January 20, 2024: Volume 26, Number 3

January 13, 2024: Volume 26, Number 2

January 6, 2024: Volume 26, Number 1

December 30, 2023: Volume 25, Number 53

December 23, 2023: Volume 25, Number 52

December 16, 2023: Volume 25, Number 51

December 9, 2023: Volume 25, Number 50