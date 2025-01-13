IBM i PTF Guide, Volume 26, Numbers 48 Through 50

Doug Bidwell

With The Four Hundred on hiatus for the holidays in late December and early January, we are playing catch up with editions of the IBM i PTF Guide. This week, we will close out 2024 with the final three editions put together in December.

Let’s start with Volume 26, Number 48, which came out December 7. It starts with Security Bulletin: Vulnerability in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to October 2024 CPU, which you can learn more about here. The affected products include WebSphere Application Server 8.5 and 9.0 as well as WebSphere Application Server Liberty Continuous delivery.

Here is the rundown of PTF Groups by IBM i release level since we last published on December 9:

PTF Groups 7.5:

HIPERs (High Impact/Pervasive)

PowerHA Tools for IBM i – Full System FlashCopy (FSFC)

Defective PTFs

QMGTOOLS

Rational Developer for i

RPG Café

PTF Groups 7.4:

HIPERs (High Impact/Pervasive)

PowerHA Tools for IBM i – Full System FlashCopy (FSFC)

Defective PTFs

QMGTOOLS

Rational Developer for i

RPG Café

PTF Groups 7.3:

PowerHA Tools for IBM i – Full System FlashCopy (FSFC)

Defective PTFs

QMGTOOLS

Rational Developer for i

RPG Café

Tip O’ The Week: Last fall, we were asking you to reach out and help the people hurt by Hurricanes Helene and Milton if you could, and we warned that we would all get a turn having our lives turned upside down. And here we are in the second week of January, and there are wildfires around Los Angeles, with tens of thousands of structures burned, an unknown number of dead, and so many people who need help.

New (or Updated) links added to the ‘Links’ tab in The Guide this week:

FSFC: FSFC Features and Upgrades – 5.2, 6986607

FSR: FSR Features and Upgrades – 5.2, 7062494

FSFC/FSR: PowerHA Tools Compatibility Information, 6560768

New (or Updated) links added to the ‘QMGtools’ tab in The Guide this week:

MustGather – Ansible for IBM i, 6250061

New (or Updated) links added to the ‘ACS_NAV’ tab in The Guide this week:

None

New (or Updated) links added to the ‘Prtr Links’ tab in The Guide this week:

None

New (or Updated) links Redbooks added this week:

None

New (or Updated) “Stuff” added to REF tab in The Guide this week:

None

The Guide at a glance:

There were new defectives the week of 12/07/24. Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.5 11/25/24 SI85459 DT417583 XXXXXXX (When available)(read the recommendations) Read the cover letter-prerequisites! 7.4 11/25/24 SI85460 DT417583 XXXXXXX (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 11/25/24 SI85462 DT417583 XXXXXXX (When available)(read the recommendations)

That brings us to Volume 26, Number 49, which came out December 14, which noted that Defective PTFs from the December 7 edition didn’t have fixing PTFs but they did a week later. Please read defective section below!

Number 49 had a slew of security vulnerabilities, so let’s dive right in.

First we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker obtaining sensitive information, bypassing security restrictions, and a server-side request forgery due to multiple vulnerabilities., which you can find out more about here. The issue can be fixed by applying a PTF to IBM i as follows:

IBM i Release 5770-DG1 PTF Number 7.5 SJ02352 SJ02602 7.4 SJ02234 SJ02601 7.3 SJ02216 SJ02600 7.2 SJ02215 SJ02599

Second, we have Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2024-47554, CVE-2024-45801), with more information about it at this link. This affects IBM Rational Developer for i releases 9.8.0.0 to 9.8.0.2, with the interim fix is available at Downloads.

Third, we have Security Bulletin: IBM i is vulnerable to a file level denial of service due to an insufficient authority requirement. [CVE-2024-35122], with details at this link. The issue can be addressed by applying a PTF to IBM i:

IBM i Release 5770-SS1 PTF Numbers 7.5 SJ03022 7.4 SJ02988 7.3 SJ03130 7.2 SJ03131

Fourth, we have Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a spoofing attack [CVE-2023-50314], with more information here. The issue can be fixed by applying a PTF to IBM i, as follows:

IBM i Release 5770-SS1 Option 3 PTF Numbers 7.5 SJ02961 7.4 SJ02962 7.3 SJ02963 7.2 SJ02964

Also, here is an update on High Impact / Highly Pervasive (HIPER) Issue concerning a potential undetected data loss that can occur on LPARs using NPIV with certain Fibre Channel adapters. Read more about it here, Potential undetected data loss can occur on LPARs using NPIV over Fibre Channel adapters with the following Feature Codes: EN1E/EN1F, EN1G/EN1H, EN1J/EN1K, EN2L/EN2M, and EN2N/EN2P.

Here is the rundown of PTF Groups by IBM i release level since Number 48:

PTF Groups 7.5:

HIPERs (High Impact/Pervasive)

Security

IBM DB2 Mirror for i

DB2 for IBM i

MustGather: How To Obtain and Install QMGTOOLS

RPG Café

PTF Groups 7.4:

HIPERs (High Impact/Pervasive)

Security

IBM DB2 Mirror for i

DB2 for IBM i

MustGather: How To Obtain and Install QMGTOOLS

RPG Café

PTF Groups 7.3:

HIPERs (High Impact/Pervasive)

Security

MustGather: How To Obtain and Install QMGTOOLS

RPG Café

There were new defectives the week of 12/14/24. Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.5 11/25/24 SI85459 DT417583 SJ03075 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.4 11/25/24 SI85460 DT417583 SJ03166 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 11/25/24 SI85462 DT417583 SJ03169 (When available)(read the recommendations)

In Volume 26, Number 50, published on December 21, we have two security vulnerabilities and two other issues as well as the regular group PTFs.

On the security front, first we have Security Bulletin: IBM i is vulnerable to an authenticated user gaining elevated privilege to a physical file [CVE-2024-47104], which you can read more about at this link. The issue can be addressed by applying a PTF to IBM i as follows:

IBM i Release 5770-SS1 Group PTF with Level 7.5 SF99950 750 Db2 for IBM i Level 8950 7.4 SF99704 740 Db2 for IBM i Level 29

Second, we have Security Bulletin: IBM i is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464], which is detailed here. The issues can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, and 7.3 will be fixed. The IBM i PTF numbers for 5770-SS1 Option 3 contain the fix for the vulnerabilities. See:

IBM i Release 5770-SS1 PTF Numbers 7.5 SJ02361 7.4 SJ02360 7.3 SJ02359

Here is the rundown of PTF Groups by IBM i release level since Number 49:

PTF Groups 7.5:

IBM HTTP Server for i

IBM MQ for IBM i – v9.2.0/v9.3.0

WebSphere Application Server traditional V9.0

SAP support required PTF list for IBM i 7.5

PTF Groups 7.4:

IBM HTTP Server for i

MQ for IBM i – v9.0.0/v9.1.0/v9.2.0/v9.3.0

WebSphere Application Server traditional V9.0

SAP support required PTF list for IBM i 7.4

PTF Groups 7.3:

MQ for IBM i – v7.1.0/v8.0.0/V9.0.0/V9.1/V9.2

IBM HTTP Server for i

WebSphere Application Server traditional V9.0

SAP Support Required PTF List for IBM i 7.3

There were new defectives the week of 12/21/24. Here is the defective PTF rundown, which is the last defective for each release:

Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.5 11/25/24 SI85459 DT417583 SJ03075 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.4 11/25/24 SI85460 DT417583 SJ03166 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 11/25/24 SI85462 DT417583 SJ03169 (When available)(read the recommendations) ***None of the above are available as of this writing***

Be sure to access the link in The Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

December 21, 2024: Volume 26, Number 50

December 14, 2024: Volume 26, Number 49

December 7, 2024: Volume 26, Number 48

November 30, 2024: Volume 26, Number 47

November 23, 2024: Volume 26, Number 46

November 16, 2024: Volume 26, Number 45

November 9, 2024: Volume 26, Number 44

November 2, 2024: Volume 26, Number 43

October 26, 2024: Volume 26, Number 42

October 19, 2024: Volume 26, Number 41

October 12, 2024: Volume 26, Number 40

October 9, 2024: Volume 26, Number 39

September 28, 2024: Volume 26, Number 38

September 21, 2024: Volume 26, Number 37

September 14, 2024: Volume 26, Number 36

September 7, 2024: Volume 26, Number 35

August 31, 2024: Volume 26, Number 34

August 24, 2024: Volume 26, Number 33

August 17, 2024: Volume 26, Number 32

August 11, 2024: Volume 26, Number 31

August 3, 2024: Volume 26, Number 30

July 27, 2024: Volume 26, Number 29

July 20, 2024: Volume 26, Number 28

July 13, 2024: Volume 26, Number 27

July 6, 2024: Volume 26, Number 26

June 22, 2024: Volume 26, Number 24

June 15, 2024: Volume 26, Number 23

June 8, 2024: Volume 26, Number 22

June 1, 2024: Volume 26, Number 21

May 25, 2024: Volume 26, Number 20

May 18, 2024: Volume 26, Number 19

May 11, 2024: Volume 26, Number 18

May 4, 2024: Volume 26, Number 17

April 20, 2024: Volume 26, Number 16

April 13, 2024: Volume 26, Number 15

April 6, 2024: Volume 26, Number 14

March 30, 2024: Volume 26, Number 13

March 24, 2024: Volume 26, Number 12

March 16, 2024: Volume 26, Number 11

March 9, 2024: Volume 26, Number 10

March 2, 2024: Volume 26, Number 9

February 24, 2024: Volume 26, Number 8

February 17, 2024: Volume 26, Number 7

February 10, 2024: Volume 26, Number 6

February 3, 2024: Volume 26, Number 5

January 27, 2024: Volume 26, Number 4

January 20, 2024: Volume 26, Number 3

January 13, 2024: Volume 26, Number 2

January 6, 2024: Volume 26, Number 1

December 30, 2023: Volume 25, Number 53

December 30, 2023: Volume 25, Number 53

December 23, 2023: Volume 25, Number 52

December 16, 2023: Volume 25, Number 51

December 9, 2023: Volume 25, Number 50

December 2, 2023: Volume 25, Number 49

November 25, 2023: Volume 25, Number 48

November 18, 2023: Volume 25, Number 47

November 11, 2023: Volume 25, Number 46

November 4, 2023: Volume 25, Number 45

October 28, 2023: Volume 25, Number 44

October 21, 2023: Volume 25, Number 43

October 14, 2023: Volume 25, Number 42

October 7, 2023: Volume 25, Number 41

September 30, 2023: Volume 25, Number 40

September 23, 2023: Volume 25, Number 39

September 16, 2023: Volume 25, Number 38

September 9, 2023: Volume 25, Number 37

September 2, 2023: Volume 25, Number 36

August 26, 2023: Volume 25, Number 35

August 19, 2023: Volume 25, Number 34

August 12, 2023: Volume 25, Number 33

August 5, 2023: Volume 25, Number 32

July 29, 2023: Volume 25, Number 31

July 22, 2023: Volume 25, Number 30

July 15, 2023: Volume 25, Number 29

July 8, 2023: Volume 25, Number 28

July 1, 2023: Volume 25, Number 27

June 24, 2023: Volume 25, Number 26

June 17, 2023: Volume 25, Number 25

June 10, 2023: Volume 25, Number 24

June 3, 2023: Volume 25, Number 23

May 27, 2023: Volume 25, Number 22

May 20, 2023: Volume 25, Number 21

May 13, 2023: Volume 25, Number 20

May 6, 2023: Volume 25, Number 19

April 29, 2023: Volume 25, Number 18

April 22, 2023: Volume 25, Number 17

April 15, 2023: Volume 25, Number 16

April 8, 2023: Volume 25, Number 15

April 1, 2023: Volume 25, Number 14

March 25, 2023: Volume 25, Number 13

March 18, 2023: Volume 25, Number 12

March 11, 2023: Volume 25, Number 11

March 4, 2023: Volume 25, Number 10

February 25, 2023: Volume 25, Number 9

February 18, 2023: Volume 25, Number 8

February 13, 2023: Volume 25, Number 7

February 4, 2023: Volume 25, Number 6

January 28, 2023: Volume 25, Number 5

January 21, 2023: Volume 25, Number 4

January 14, 2023: Volume 25, Number 3

January 7, 2023: Volume 25, Number 2

January 1, 2023: Volume 25, Number 1

December 10, 2022: Volume 24, Number 50

December 3, 2022: Volume 24, Number 49