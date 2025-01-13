IBM i PTF Guide, Volume 26, Numbers 48 Through 50
With The Four Hundred on hiatus for the holidays in late December and early January, we are playing catch up with editions of the IBM i PTF Guide. This week, we will close out 2024 with the final three editions put together in December.
Let’s start with Volume 26, Number 48, which came out December 7. It starts with Security Bulletin: Vulnerability in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to October 2024 CPU, which you can learn more about here. The affected products include WebSphere Application Server 8.5 and 9.0 as well as WebSphere Application Server Liberty Continuous delivery.
Here is the rundown of PTF Groups by IBM i release level since we last published on December 9:
PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
- PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
- Defective PTFs
- QMGTOOLS
- Rational Developer for i
- RPG Café
PTF Groups 7.4:
- HIPERs (High Impact/Pervasive)
- PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
- Defective PTFs
- QMGTOOLS
- Rational Developer for i
- RPG Café
PTF Groups 7.3:
- PowerHA Tools for IBM i – Full System FlashCopy (FSFC)
- Defective PTFs
- QMGTOOLS
- Rational Developer for i
- RPG Café
The Guide at a glance:
There were new defectives the week of 12/07/24. Here is the defective PTF rundown, which is the last defective for each release:
Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.5 11/25/24 SI85459 DT417583 XXXXXXX (When available)(read the recommendations) Read the cover letter-prerequisites! 7.4 11/25/24 SI85460 DT417583 XXXXXXX (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 11/25/24 SI85462 DT417583 XXXXXXX (When available)(read the recommendations)
That brings us to Volume 26, Number 49, which came out December 14, which noted that Defective PTFs from the December 7 edition didn’t have fixing PTFs but they did a week later. Please read defective section below!
Number 49 had a slew of security vulnerabilities, so let’s dive right in.
First we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker obtaining sensitive information, bypassing security restrictions, and a server-side request forgery due to multiple vulnerabilities., which you can find out more about here. The issue can be fixed by applying a PTF to IBM i as follows:
IBM i Release 5770-DG1 PTF Number 7.5 SJ02352 SJ02602 7.4 SJ02234 SJ02601 7.3 SJ02216 SJ02600 7.2 SJ02215 SJ02599
Second, we have Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i (CVE-2024-47554, CVE-2024-45801), with more information about it at this link. This affects IBM Rational Developer for i releases 9.8.0.0 to 9.8.0.2, with the interim fix is available at Downloads.
Third, we have Security Bulletin: IBM i is vulnerable to a file level denial of service due to an insufficient authority requirement. [CVE-2024-35122], with details at this link. The issue can be addressed by applying a PTF to IBM i:
IBM i Release 5770-SS1 PTF Numbers 7.5 SJ03022 7.4 SJ02988 7.3 SJ03130 7.2 SJ03131
Fourth, we have Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to a spoofing attack [CVE-2023-50314], with more information here. The issue can be fixed by applying a PTF to IBM i, as follows:
IBM i Release 5770-SS1 Option 3 PTF Numbers 7.5 SJ02961 7.4 SJ02962 7.3 SJ02963 7.2 SJ02964
Also, here is an update on High Impact / Highly Pervasive (HIPER) Issue concerning a potential undetected data loss that can occur on LPARs using NPIV with certain Fibre Channel adapters. Read more about it here, Potential undetected data loss can occur on LPARs using NPIV over Fibre Channel adapters with the following Feature Codes: EN1E/EN1F, EN1G/EN1H, EN1J/EN1K, EN2L/EN2M, and EN2N/EN2P.
Here is the rundown of PTF Groups by IBM i release level since Number 48:
PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
- Security
- IBM DB2 Mirror for i
- DB2 for IBM i
- MustGather: How To Obtain and Install QMGTOOLS
- RPG Café
PTF Groups 7.4:
- HIPERs (High Impact/Pervasive)
- Security
- IBM DB2 Mirror for i
- DB2 for IBM i
- MustGather: How To Obtain and Install QMGTOOLS
- RPG Café
PTF Groups 7.3:
- HIPERs (High Impact/Pervasive)
- Security
- MustGather: How To Obtain and Install QMGTOOLS
- RPG Café
There were new defectives the week of 12/14/24. Here is the defective PTF rundown, which is the last defective for each release:
Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.5 11/25/24 SI85459 DT417583 SJ03075 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.4 11/25/24 SI85460 DT417583 SJ03166 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 11/25/24 SI85462 DT417583 SJ03169 (When available)(read the recommendations)
In Volume 26, Number 50, published on December 21, we have two security vulnerabilities and two other issues as well as the regular group PTFs.
On the security front, first we have Security Bulletin: IBM i is vulnerable to an authenticated user gaining elevated privilege to a physical file [CVE-2024-47104], which you can read more about at this link. The issue can be addressed by applying a PTF to IBM i as follows:
IBM i Release 5770-SS1 Group PTF with Level 7.5 SF99950 750 Db2 for IBM i Level 8950 7.4 SF99704 740 Db2 for IBM i Level 29
Second, we have Security Bulletin: IBM i is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464], which is detailed here. The issues can be fixed by applying a PTF to IBM i. IBM i releases 7.5, 7.4, and 7.3 will be fixed. The IBM i PTF numbers for 5770-SS1 Option 3 contain the fix for the vulnerabilities. See:
IBM i Release 5770-SS1 PTF Numbers 7.5 SJ02361 7.4 SJ02360 7.3 SJ02359
Here is the rundown of PTF Groups by IBM i release level since Number 49:
PTF Groups 7.5:
- IBM HTTP Server for i
- IBM MQ for IBM i – v9.2.0/v9.3.0
- WebSphere Application Server traditional V9.0
- SAP support required PTF list for IBM i 7.5
PTF Groups 7.4:
- IBM HTTP Server for i
- MQ for IBM i – v9.0.0/v9.1.0/v9.2.0/v9.3.0
- WebSphere Application Server traditional V9.0
- SAP support required PTF list for IBM i 7.4
PTF Groups 7.3:
- MQ for IBM i – v7.1.0/v8.0.0/V9.0.0/V9.1/V9.2
- IBM HTTP Server for i
- WebSphere Application Server traditional V9.0
- SAP Support Required PTF List for IBM i 7.3
There were new defectives the week of 12/21/24. Here is the defective PTF rundown, which is the last defective for each release:
Defect Defective APAR Fixing Date PTF PTF -------- -------- --------- ----------------------- 7.5 11/25/24 SI85459 DT417583 SJ03075 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.4 11/25/24 SI85460 DT417583 SJ03166 (When available)(read the recommendations) Read the cover letter-prerequisites! 7.3 11/25/24 SI85462 DT417583 SJ03169 (When available)(read the recommendations) ***None of the above are available as of this writing***
Be sure to access the link in The Guide for further details.
Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:
December 21, 2024: Volume 26, Number 50
December 14, 2024: Volume 26, Number 49
December 7, 2024: Volume 26, Number 48
November 30, 2024: Volume 26, Number 47
November 23, 2024: Volume 26, Number 46
November 16, 2024: Volume 26, Number 45
November 9, 2024: Volume 26, Number 44
November 2, 2024: Volume 26, Number 43
October 26, 2024: Volume 26, Number 42
October 19, 2024: Volume 26, Number 41
October 12, 2024: Volume 26, Number 40
October 9, 2024: Volume 26, Number 39
September 28, 2024: Volume 26, Number 38
September 21, 2024: Volume 26, Number 37
September 14, 2024: Volume 26, Number 36
September 7, 2024: Volume 26, Number 35
August 31, 2024: Volume 26, Number 34
August 24, 2024: Volume 26, Number 33
August 17, 2024: Volume 26, Number 32
August 11, 2024: Volume 26, Number 31
August 3, 2024: Volume 26, Number 30
July 27, 2024: Volume 26, Number 29
July 20, 2024: Volume 26, Number 28
July 13, 2024: Volume 26, Number 27
July 6, 2024: Volume 26, Number 26
June 22, 2024: Volume 26, Number 24
June 15, 2024: Volume 26, Number 23
June 8, 2024: Volume 26, Number 22
June 1, 2024: Volume 26, Number 21
May 25, 2024: Volume 26, Number 20
May 18, 2024: Volume 26, Number 19
May 11, 2024: Volume 26, Number 18
May 4, 2024: Volume 26, Number 17
April 20, 2024: Volume 26, Number 16
April 13, 2024: Volume 26, Number 15
April 6, 2024: Volume 26, Number 14
March 30, 2024: Volume 26, Number 13
March 24, 2024: Volume 26, Number 12
March 16, 2024: Volume 26, Number 11
March 9, 2024: Volume 26, Number 10
March 2, 2024: Volume 26, Number 9
February 24, 2024: Volume 26, Number 8
February 17, 2024: Volume 26, Number 7
February 10, 2024: Volume 26, Number 6
February 3, 2024: Volume 26, Number 5
January 27, 2024: Volume 26, Number 4
January 20, 2024: Volume 26, Number 3
January 13, 2024: Volume 26, Number 2
January 6, 2024: Volume 26, Number 1
December 30, 2023: Volume 25, Number 53
December 23, 2023: Volume 25, Number 52
December 16, 2023: Volume 25, Number 51
December 9, 2023: Volume 25, Number 50
December 2, 2023: Volume 25, Number 49
November 25, 2023: Volume 25, Number 48
November 18, 2023: Volume 25, Number 47
November 11, 2023: Volume 25, Number 46
November 4, 2023: Volume 25, Number 45
October 28, 2023: Volume 25, Number 44
October 21, 2023: Volume 25, Number 43
October 14, 2023: Volume 25, Number 42
October 7, 2023: Volume 25, Number 41
September 30, 2023: Volume 25, Number 40
September 23, 2023: Volume 25, Number 39
September 16, 2023: Volume 25, Number 38
September 9, 2023: Volume 25, Number 37
September 2, 2023: Volume 25, Number 36
August 26, 2023: Volume 25, Number 35
August 19, 2023: Volume 25, Number 34
August 12, 2023: Volume 25, Number 33
August 5, 2023: Volume 25, Number 32
July 29, 2023: Volume 25, Number 31
July 22, 2023: Volume 25, Number 30
July 15, 2023: Volume 25, Number 29
July 8, 2023: Volume 25, Number 28
July 1, 2023: Volume 25, Number 27
June 24, 2023: Volume 25, Number 26
June 17, 2023: Volume 25, Number 25
June 10, 2023: Volume 25, Number 24
June 3, 2023: Volume 25, Number 23
May 27, 2023: Volume 25, Number 22
May 20, 2023: Volume 25, Number 21
May 13, 2023: Volume 25, Number 20
May 6, 2023: Volume 25, Number 19
April 29, 2023: Volume 25, Number 18
April 22, 2023: Volume 25, Number 17
April 15, 2023: Volume 25, Number 16
April 8, 2023: Volume 25, Number 15
April 1, 2023: Volume 25, Number 14
March 25, 2023: Volume 25, Number 13
March 18, 2023: Volume 25, Number 12
March 11, 2023: Volume 25, Number 11
March 4, 2023: Volume 25, Number 10
February 25, 2023: Volume 25, Number 9
February 18, 2023: Volume 25, Number 8
February 13, 2023: Volume 25, Number 7
February 4, 2023: Volume 25, Number 6
January 28, 2023: Volume 25, Number 5
January 21, 2023: Volume 25, Number 4
January 14, 2023: Volume 25, Number 3
January 7, 2023: Volume 25, Number 2
January 1, 2023: Volume 25, Number 1
December 10, 2022: Volume 24, Number 50