IBM i PTF Guide, Volume 27, Numbers 31 And 32

August 18, 2025 Doug Bidwell

We are finally getting back to the normal cadence for the IBM i PTF Guide by doubling up editions to get everything current. Our apologies for the asynchronous delays, which were caused by vacations that we actually took here at IT Jungle for once.

Number 30 of the Guide was put together on August 2. There were two security vulnerabilities to cope with.

First, we have Security Bulletin: IBM WebSphere Application Server is affected by arbitrary code execution (CVE-2025-36038), with more information at this link. Affected products include IBM WebSphere Application Server 8.5 and 9.0.

Second, we have Security Bulletin: IBM i is affected by multiple vulnerabilities in International Components for Unicode (ICU) option 39 [CVE-2017-14952 CVE-2011-4599 CVE-2017-17484]. There is more information about this vulnerability here. Read the document for fix and sanitizing pointers.

Here is the rundown of PTF Groups by IBM i release level since the August 2 edition:

PTF Groups 7.6:

WebSphere Application Server V8.5

PTF Groups 7.5:

WebSphere Application Server V8.5

PTF Groups 7.4:

WebSphere Application Server V8.5

PTF Groups 7.3:

WebSphere Application Server V8.5

New (or Updated) links added to the ‘Links’ tab in The Guide this week:

System: 7.6 Memo to Users, N/A
System: 7.5 Memo to Users, N/A
System: 7.4 Memo to Users, N/A
System: 7.3 Memo to Users, N/A
System: 7.2 Memo to Users, N/A
System: 7.1 Memo to Users, N/A
System: 6.1 Memo to Users, N/A
System: 5.4 Memo to Users, N/A
Blue Diamond: Blue Diamond, Customer diagnostic data upload instructions, 666503

New (or Updated) links added to the ‘QMGtools’ tab in The Guide this week:

None

New (or Updated) links added to the ‘ACS_NAV’ tab in The Guide this week:

DCM: Heritage Digital Certificate Manager Enable and Disable Instructions, 6837767

New (or Updated) links added to the ‘Prtr Links’ tab in The Guide this week:

None

New (or Updated) links Redbooks added this week:

None

New (or Updated) stuff added to REF tab in The Guide this week:

None

New (or Updated) links in the TAPE tab in The Guide this week:

None

New (or Updated) links in the WAS tab in The Guide this week:

None

The Guide at a glance: There were new defectives the week of 08/02/25. Defective PTF rundown – the latest defective for each release. Click on the Defective PTF link for your release in the Guide:

	Defect		Defective	APAR		Fixing
	Date		PTF				PTF
	--------	--------	---------	-----------------------	
7.6	No Entries										

7.5	07/17/25	SJ05893	        DT444556	SJ06457 (When available)(read the recommendations) Read the cover letter-prerequisites!                   			
						 
7.4	07/17/25	SJ05892	        DT444556	SJ06452	Same as above, Please read the Cover letter - (When available)(read the recommendations) Read the cover letter-prerequisites!

7.3	01/27/25	SJ03169	        DT422375	SJ03786 (When available)(read the recommendations)

That brings us to Volume 27, Number 32, which was put together on August 9. First just a weird thing. We were working on upgrading a partition from IBM i 7.5 to IBM i 7.6 and we ran into the following issues: Firmware needed to be upgraded before proceeding – see the PRUV for details.

There were also four additional security vulnerabilities. ( ( Sigh ) )

One: Security Bulletin: A vulnerability in IBM Java SDK affects IBM WebSphere Application Server and WebSphere Application Server Liberty due to the July 2025 CPU. The link for more information is here. Affected products and versions are: WebSphere Application Server Liberty Continuous delivery, WebSphere Application Server 9.0, and WebSphere Application Server 8.5.

Two: Security Bulletin: IBM i is affected by an authenticated user gaining elevated privileges due to a web session hijacking vulnerability in IBM Digital Certificate Manager for i [CVE-2025-36119]. The link for more information is there. The IBM i PTF number for 5770-SS1 Option 34 contains the fix for the vulnerability. The patches are as follows:

IBM i Release, 5770-SS1	PTF Number
7.6	SJ06558
7.5	SJ06557
7.4	SJ06552
7.3	SJ06550

Three: Security bulletin: Security Bulletin: IBM i is affected by a timing attack, handling signals in an unsafe manner, and uncontrolled memory consumption due to vulnerabilities in OpenSSH [CVE-2024-39894, CVE-2024-6387, CVE-2025-26466]. The link for more information is thus. The IBM i 5733-SC1 PTF number SJ06522 resolves the vulnerability for IBM i 7.6.

Four: Security Bulletin: IBM i is affected by stack based buffer overflow and unspecified vulnerabilities in IBM Java SDK and IBM Java Runtime for IBM i [CVE-2025-21587, CVE-2025-30698, CVE-2025-4447]. The link for more information is where? Right here. 5770-JV1PTF Group Number and Level, PTF Numbers:

7.6	SJ06025
	SJ06429
	SJ06489
	SJ06490
	SJ06567
	SJ06568
	SJ06621
	SJ06743
7.5	SF99955 Level 16
7.4	SF99665 Level 29
7.3	SF99725 Level 38

Here is the rundown of PTF Groups by IBM i release level as of August 9:

PTF Groups 7.6:

IBM i Access Client Solutions V1.1.9.9, Bld Id 5310
QMGTOOLS

PTF Groups 7.5:

IBM i Access Client Solutions V1.1.9.9, Bld Id 5310
QMGTOOLS

PTF Groups 7.4:

IBM i Access Client Solutions V1.1.9.9, Bld Id 5310
QMGTOOLS

PTF Groups 7.3:

IBM i Access Client Solutions V1.1.9.9, Bld Id 5310
QMGTOOLS

New (or Updated) links added to the ‘Links’ tab in The Guide this week:

LicKey: Products are no longer listed in WRKLICINF but show in DSPLICKEY or CALL QSFWINV, 7066410
JRNRCV: Automate journal receiver (*JRNRCV) deletion, 742663
HTTP: How to run HTTP Apache in its own subsystem, 645335

New (or Updated) links added to the ‘QMGtools’ tab in The Guide this week:

MustGather: Testcase for VIOS Crash or VIOS Hang Condition, 629195

New (or Updated) links added to the ‘ACS_NAV’ tab in The Guide this week:

DCM/TLS: Enabling TLS for IBM Digital Certificate Manager for i (DCM), 6615667
TLS: Configuring Telnet & Host Servers for Server Authentication with TLS for the First Time, 683623
TLS: How to Enable Transport Layer Security (TLS) for the IBM Web Administration Server (HTTPAdmin), 635463

New (or Updated) links added to the ‘Prtr Links’ tab in The Guide this week:

None

New (or Updated) links Redbooks added this week:

None

New (or Updated) stuff added to REF tab in The Guide this week:

None

New (or Updated) links in the TAPE tab in The Guide this week:

None

New (or Updated) links in the WAS tab in The Guide this week:

None

The Guide at a glance: There were new defectives the week of 08/09/25. Defective PTF rundown – the latest defective for each release. Click on the Defective PTF link for your release in the Guide:

	Defect		Defective	APAR		Fixing
	Date		PTF				PTF
	--------	--------	---------	-----------------------	
7.6	No Entries										
7.5	07/17/25	SJ05893	        DT444556	SJ06457 (When available)(read the recommendations) Read the cover letter-prerequisites!					 
7.4	07/17/25	SJ05892	        DT444556	SJ06452	Same as above, Please read the Cover letter - (When available)(read the recommendations) Read the cover letter-prerequisites!
7.3	01/27/25	SJ03169		DT422375	SJ03786 (When available)(read the recommendations)

Be sure to access the link in The Guide for further details.

Below is the usual archive of the IBM i PTF Guide to help you work through the PTFs in chronological order:

August 9, 2025: Volume 27, Number 32

August 2, 2025: Volume 27, Number 31

July 26, 2025: Volume 27, Number 30

July 19, 2025: Volume 27, Number 29

July 12, 2025: Volume 27, Number 28

July 5, 2025: Volume 27, Number 27

June 28, 2025: Volume 27, Number 26

June 21, 2025: Volume 27, Number 25

June 14, 2025: Volume 27, Number 24

June 7, 2025: Volume 27, Number 23