IBM i PTF Guide, Volume 27, Number 20

May 19, 2025

Doug Bidwell

Brace yourselves, everyone. There are seven security vulnerabilities that you have to pay attention to this week for the IBM i platform. Remember, as security guru Carol Woodbury is fond of saying: the IBM i platform is not the most secure platform in the world, but the most securable platform in the world. You must be ever-vigilant and keep it secure by patching holes and killing bugs.

So, without further fuss, let’s dive in and take them in order.

One is Security Bulletin: IBM i is vulnerable to a machine-in-the-middle attack due to mishandling error codes when verifying the host key by OpenSSH. [CVE-2025-26465]. More information at this link. The IBM i 5733-SC1 PTF number resolves the vulnerability, as follows:

IBM i Release    5733-SC1 PTF Number
-------------    -------------------
7.6              SJ05440
7.5              SJ05424
7.4, 7.3, 7.2    SJ05423

Two is Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to the April 2025 CPU. More information at this link. There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty.

Three is Security Bulletin: This Power System update is being released to address CVE-2024-2511. More information at this link. The OpenSSL package is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2024-2511, by upgrading PowerVM and thus addressing the exposure to the kernel vulnerability.

Four is Security Bulletin: IBM i is vulnerable to a privilege escalation vulnerability in IBM TCP/IP Connectivity Utilities for i [CVE-2025-33103]. More information at this link. Patches are as below:

IBM i Release    5770-TC1 PTF Number
-------------    -------------------
7.6              SJ05513
7.5              SJ05494
7.4              SJ05505
7.3              SJ05514
7.2              SJ05525
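To check a partition against the two PTF tables above (CVE-2025-26465 and CVE-2025-33103), the query below is an added example, not part of the original article or of IBM's bulletins. It assumes the Db2 for i services QSYS2.PTF_INFO and SYSIBMADM.ENV_SYS_INFO are available and can be run from ACS Run SQL Scripts.

```sql
-- Added example. The PTF numbers are copied from the two tables in this
-- article; the CTE names (expected, this_system) are illustrative only.
WITH expected (cve, product, os_release, ptf_id) AS (
  VALUES ('CVE-2025-26465', '5733-SC1', '7.6', 'SJ05440'),
         ('CVE-2025-26465', '5733-SC1', '7.5', 'SJ05424'),
         ('CVE-2025-26465', '5733-SC1', '7.4', 'SJ05423'),
         ('CVE-2025-26465', '5733-SC1', '7.3', 'SJ05423'),
         ('CVE-2025-26465', '5733-SC1', '7.2', 'SJ05423'),
         ('CVE-2025-33103', '5770-TC1', '7.6', 'SJ05513'),
         ('CVE-2025-33103', '5770-TC1', '7.5', 'SJ05494'),
         ('CVE-2025-33103', '5770-TC1', '7.4', 'SJ05505'),
         ('CVE-2025-33103', '5770-TC1', '7.3', 'SJ05514'),
         ('CVE-2025-33103', '5770-TC1', '7.2', 'SJ05525')
),
-- Build a release string such as '7.5' for the partition running the query.
this_system (os_release) AS (
  SELECT OS_VERSION CONCAT '.' CONCAT OS_RELEASE
    FROM SYSIBMADM.ENV_SYS_INFO
)
SELECT x.cve,
       x.product,
       x.ptf_id,
       -- No row in PTF_INFO means the PTF was never loaded here. That can
       -- also mean the product is not installed, or that only a later
       -- superseding PTF was loaded, so confirm before treating it as a gap.
       COALESCE(p.PTF_LOADED_STATUS, 'NOT ON SYSTEM') AS ptf_status
  FROM expected x
  JOIN this_system s
    ON s.os_release = x.os_release
  LEFT JOIN QSYS2.PTF_INFO p
    ON p.PTF_IDENTIFIER = x.ptf_id
 ORDER BY x.cve;
```

A status of APPLIED, PERMANENTLY APPLIED or SUPERSEDED indicates the fix or a later replacement has been loaded; LOADED means the PTF is on the system but not yet applied.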

Five is Security Bulletin: Vulnerability in OpenSSL (CVE-2024-13176) affects PowerVM. More information at this link. Check link for details on remediation.

Six is Security Bulletin: This Power System update is being released to address CVE-2024-41007. More information at this link. Check link for details on remediation.

And finally, lucky number Seven is Security Bulletin: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability (CVE-2025-33104). More information at this link. The affected products are IBM WebSphere Application Server 8.5 and 9.0. Check link for details on remediation.

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.6:

SAP Support Required PTF List for IBM i 7.6

PTF Groups 7.5:

None

PTF Groups 7.4:

None

PTF Groups 7.3:

None

Tip O’ The Week, or Month more like: On April 18, Java 21 became generally available and is required by some licensed program products in the IBM i 7.6 stack. See more at this link. IBM Technology for Java 21 is released on IBM i 7.6 as option 21 (Java 21 64-bit) of product 5770-JV1. Here are the instructions on how to use Java 21 on IBM i:

Download Java 21 from Entitled Software Support (ESS).

Install option 21 of 5770-JV1 from the OS install image (i7.6). Refer to Download, Installation, and Usage of Java 21 on the IBM i OS for detailed information.

PTF Group SF99965 level 1 or higher is required for i 7.6.

Set JAVA_HOME to /QOpenSys/QIBM/ProdData/JavaVM/jdk21/64bit before invoking Java.

New (or Updated) links added to the ‘Links’ tab in The Guide this week:

None

New (or Updated) links added to the ‘QMGtools’ tab in The Guide this week:

None

New (or Updated) links added to the ‘ACS_NAV’ tab in The Guide this week:

pkg mgmnt: Network Connections used by IBM i ACS Open Source Package Management, 6617443

pkg mgmnt: Getting started with Open Source Package Management in IBM i ACS, 706903

open source: IBM i Open Source Resources, N/A

New (or Updated) links added to the ‘Prtr Links’ tab in The Guide this week:

None

New (or Updated) links Redbooks added this week:

None

New (or Updated) stuff added to REF tab in The Guide this week:

None

New (or Updated) links in the TAPE tab in The Guide this week:

None

New (or Updated) links in the WAS tab in The Guide this week:

WAS: How To Install the IBM WebSphere Application Server (WAS) v8.0 and Later Product Using the IBM Web Administration for i Console, 645349 (Video)

The Guide at a glance: There were new defectives the week of 05/17/25. Defective PTF rundown – the latest defective for each release. Click on the Defective PTF link for your release in the Guide:

Release  Defect    Defective  APAR       Fixing
         Date      PTF                   PTF
-------  --------  ---------  ---------  -----------------------
7.6      No Entries
7.5      05/14/25  SJ04698    DT437849   SJ05538 (When available)(read the recommendations)
                                         SJ01967 Read the cover letter-prerequisites!
7.4      05/14/25  SJ04446    DT437849   SJ05537 Same as above, Please read the cover letter.
                                         (When available)(read the recommendations)
                                         Read the cover letter-prerequisites!
7.3      01/27/25  SJ03169    DT422375   SJ03786 (When available)(read the recommendations)

Be sure to access the link in The Guide for further details.

