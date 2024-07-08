IBM i PTF Guide, Volume 26, Numbers 24 And 25

Doug Bidwell

It is Ketchup Week here at the IBM i PTF Guide, and not just because of all of the hot dogs, hamburgers, and French American fries being consumed for the Independence Day holiday here in the United States of America.

The Four Hundred has been publishing on a lighter schedule than usual, as sometimes happens during the summer months as people get some downtime, and we are catching you up on the PTFs for the IBM i stack, converging two issues of The Guide into a single one so we can get back to lock stepping it in Monday’s issues.

So let’s get rolling with Volume 26, Number 24, which had four security vulnerabilities and a whole bunch of different stuff. Let’s start, as usual, with the vulnerabilities.

First, we have Security Bulletin: IBM i is vulnerable to user profile enumeration due to a supplied table function in Db2 for i (CVE-2024-31870), which you can find out more about at this link. The releases affected and their fixes are as follows:

IBM i Release 5770-SS1 PTF 7.5 SJ00244 7.4 SJ00245 7.3 SJ00246 7.2 SJ00247

Second, we have Security Bulletin: IBM i is vulnerable to a privilege escalation due to the ability to configure a physical file trigger in Db2 for IBM i. (CVE-2024-27275), for which you can find out more here. Brace yourself for the long list of patches needed for IBM i 7.3 and IBM i 7.2. Here are the patches for the four currently supported releases:

IBM i Release 5770-SS1 PTF Numbers PTF Download Link 7.5 SF99950 750 Db2 for IBM i Level 7 7.4 SF99704 740 Db2 for IBM i Level 28 7.3 SJ00297 SJ00314 SJ00325 SJ00343 SJ00347 SJ00352 SJ00353 SJ00361 SJ00389 SJ00450 SJ00455 SJ00580 SJ00743 SJ00744 SJ00749 SJ00752 SJ00764 SJ00765 SJ00768 SJ00769 7.2 SJ00298 SJ00315 SJ00326 SJ00346 SJ00348 SJ00354 SJ00355 SJ00360 SJ00390 SJ00449 SJ00456 SJ00581 SJ00747 SJ00748 SJ00750 SJ00753 SJ00763 SJ00766 SJ00767 SJ00770

Third, we have Security Bulletin: IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532), and you can read all about it here. The affected products are IBM WebSphere Application Server 8.5 and 9.0.

Finally for Volume 26, Number 24 we have Security Bulletin: IBM i is vulnerable to a local privilege escalation due to a flaw in IBM TCP/IP Connectivity Utilities for i (CVE-2024-31890), and you can get the details about it here. The affected releases and their fixes are as follows:

IBM i Release 5770-TC1 PTF Number 7.5 SJ00681 7.4 SJ00679 7.3 SJ00680

Here is the rundown of PTF Groups by IBM i release level since we last published two weeks ago:

PTF Groups 7.5:

Fix list for IBM WebSphere Application Server Liberty

SAP support required PTF list for IBM i 7.5

QMGTOOLS

PTF Groups 7.4:

Fix list for IBM WebSphere Application Server Liberty

SAP support required PTF list for IBM i 7.4

QMGTOOLS

PTF Groups 7.3:

Fix list for IBM WebSphere Application Server Liberty

SAP support required PTF list for IBM i 7.3

QMGTOOLS

Tip O’ The Week: There is a new ODBC Driver (28) for IBM i. Check the ACS_NAV tab in The Guide.

ACS Windows App Pkg English (64-bit), 1.1.0.28

IBM GSKit (Global Security Kit), 8.0.55.31

IBM i Access ODBC Driver, 13.64.28.00

New (or Updated) links added to the ‘Links’ tab in The Guide these past two weeks:

MQ: IBM MQ, WebSphere MQ, and MQSeries product READMEs, 317955

MQ: System Requirements for IBM MQ, 318077

New (or Updated) links added to the ‘QMGtools’ tab in The Guide this week:

QMGTOOLS: Directory Threshold Collection, 7158171

QMGTOOLS: Internals SYSSNAP Collection (INTSNAP), 7157792

New (or Updated) links added to the ‘ACS_NAV’ tab in The Guide this week:

None

New (or Updated) links added to the ‘Prtr Links’ tab in The Guide this week:

None

New (or Updated) links Redbooks added this week:

None

New (or Updated) “Stuff” added to REF tab in The Guide this week:

None

The Guide at a glance: There are new defectives this week (06/22/24). Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- - ----------------------- 7.5 04/23/24 SI85693 DT378886 SJ00269 (When available) SI84240 7.4 04/23/24 SI85692 DT378886 SJ00268 (When available) SI84239 7.3 01/10/24 SI85576 SE81023 SI85663 (When available)

In Volume 26, Number 25, there wasn’t all that much going on, which is what you expect just before the July 4th holiday in the States.

There was one security vulnerability, which you can see at Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a denial of service attack using HTTP/2 protocol (CVE-2024-27316) and which you can read about in detail here. The IBM i PTF number for 5770-DG1 contains the fix to resolve the vulnerability:

IBM i Release PTF Number 5770-DG1, 7.5 SJ01169 5770-DG1, 7.4 SJ01168 5770-DG1, 7.3 SJ01156

There is an issue with System Snapshot that surfaced before the July 4th holiday. QMGTOOLS System Snapshot (SYSSNAP) may delete data in the Integrated File System (IFS) incorrectly, and you can read more about the situation here. The affected releases of QMGTOOLS are for R730, R740 and R750 build dates of 5/29/2024, 6/7/2024, 6/11/2024 and 6/17/2024. The resolution of this situation is to upgrade QMGTOOLS to build date June 27, 2024 (06/27/2024). Extra steps have been taken to ensure only the SYSSNAP directory will be removed when specified.

And finally, here is the Guide at a glance for Volume 26, Number 25: There are new defectives this week (06/29/24). Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing Date PTF PTF -------- -------- ------- - ----------------------- 7.5 04/23/24 SI85693 DT378886 SJ00269 (When available) SI84240 7.4 04/23/24 SI85692 DT378886 SJ00268 (When available) SI84239 7.3 01/10/24 SI85576 SE81023 SI85663 (When available)

Be sure to access the link in the Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

June 29, 2024: Volume 26, Number 25

June 22, 2024: Volume 26, Number 24

June 15, 2024: Volume 26, Number 23

June 8, 2024: Volume 26, Number 22

June 1, 2024: Volume 26, Number 21

May 25, 2024: Volume 26, Number 20

May 18, 2024: Volume 26, Number 19

May 11, 2024: Volume 26, Number 18

May 4, 2024: Volume 26, Number 17

April 20, 2024: Volume 26, Number 16

April 13, 2024: Volume 26, Number 15

April 6, 2024: Volume 26, Number 14

March 30, 2024: Volume 26, Number 13

March 24, 2024: Volume 26, Number 12

March 16, 2024: Volume 26, Number 11

March 9, 2024: Volume 26, Number 10

March 2, 2024: Volume 26, Number 9

February 24, 2024: Volume 26, Number 8

February 17, 2024: Volume 26, Number 7

February 10, 2024: Volume 26, Number 6

February 3, 2024: Volume 26, Number 5

January 27, 2024: Volume 26, Number 4

January 20, 2024: Volume 26, Number 3

January 13, 2024: Volume 26, Number 2

January 6, 2024: Volume 26, Number 1

December 30, 2023: Volume 25, Number 53

December 23, 2023: Volume 25, Number 52

December 16, 2023: Volume 25, Number 51

December 9, 2023: Volume 25, Number 50

December 2, 2023: Volume 25, Number 49

November 25, 2023: Volume 25, Number 48

November 18, 2023: Volume 25, Number 47

November 11, 2023: Volume 25, Number 46

November 4, 2023: Volume 25, Number 45

October 28, 2023: Volume 25, Number 44

October 21, 2023: Volume 25, Number 43

October 14, 2023: Volume 25, Number 42

October 7, 2023: Volume 25, Number 41

September 30, 2023: Volume 25, Number 40

September 23, 2023: Volume 25, Number 39

September 16, 2023: Volume 25, Number 38

September 9, 2023: Volume 25, Number 37

September 2, 2023: Volume 25, Number 36

August 26, 2023: Volume 25, Number 35

August 19, 2023: Volume 25, Number 34

August 12, 2023: Volume 25, Number 33

August 5, 2023: Volume 25, Number 32

July 29, 2023: Volume 25, Number 31

July 22, 2023: Volume 25, Number 30

July 15, 2023: Volume 25, Number 29

July 8, 2023: Volume 25, Number 28

July 1, 2023: Volume 25, Number 27

June 24, 2023: Volume 25, Number 26

June 17, 2023: Volume 25, Number 25

June 10, 2023: Volume 25, Number 24

June 3, 2023: Volume 25, Number 23

May 27, 2023: Volume 25, Number 22

May 20, 2023: Volume 25, Number 21

May 13, 2023: Volume 25, Number 20

May 6, 2023: Volume 25, Number 19

April 29, 2023: Volume 25, Number 18

April 22, 2023: Volume 25, Number 17

April 15, 2023: Volume 25, Number 16

April 8, 2023: Volume 25, Number 15

April 1, 2023: Volume 25, Number 14

March 25, 2023: Volume 25, Number 13

March 18, 2023: Volume 25, Number 12

March 11, 2023: Volume 25, Number 11

March 4, 2023: Volume 25, Number 10

February 25, 2023: Volume 25, Number 9

February 18, 2023: Volume 25, Number 8

February 13, 2023: Volume 25, Number 7

February 4, 2023: Volume 25, Number 6

January 28, 2023: Volume 25, Number 5

January 21, 2023: Volume 25, Number 4

January 14, 2023: Volume 25, Number 3

January 7, 2023: Volume 25, Number 2

January 1, 2023: Volume 25, Number 1

December 10, 2022: Volume 24, Number 50

December 3, 2022: Volume 24, Number 49

November 26, 2022: Volume 24, Number 48

November 19, 2022: Volume 24, Number 47

November 12, 2022: Volume 24, Number 46

November 5, 2022: Volume 24, Number 45

October 29, 2022: Volume 24, Number 44

October 22, 2022: Volume 24, Number 43

October 15, 2022: Volume 24, Number 42

October 8, 2022: Volume 24, Number 41

October 1, 2022: Volume 24, Number 40

September 24, 2022: Volume 24, Number 39

September 17, 2022: Volume 24, Number 38

September 10, 2022: Volume 24, Number 37

September 3, 2022: Volume 24, Number 36

August 27, 2022: Volume 24, Number 35

August 20, 2022: Volume 24, Number 34

August 13, 2022: Volume 24, Number 33

August 6, 2022: Volume 24, Number 32

July 30, 2022: Volume 24, Number 31

July 23, 2022: Volume 24, Number 30

July 16, 2022: Volume 24, Number 29

July 9, 2022: Volume 24, Number 28

June 25, 2022: Volume 24, Number 26

June 18, 2022: Volume 24, Number 25

June 11, 2022: Volume 24, Number 24

June 4, 2022: Volume 24, Number 23