Doug Bidwell
-
IBM i PTF Guide, Volume 24, Number 39
September 26, 2022 Doug Bidwell
Another week, another security vulnerability. This one could be a biggie, so pay attention. Security Bulletin: IBM Common Cryptographic Architecture (CCA) is vulnerable to denial of service (CVE-2022-22423), which you can find out more about here. The vulnerability can be fixed by applying a PTF to IBM i. Releases 7.5, 7.4, 7.3, and 7.2 of IBM i will be fixed. Each PTF bundles updates to CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769, bringing their respective firmware levels to 5.7.12 and 7.3.44 or later, respectively.
Here are the fixes for this particular vulnerability:
IBM i release
… Read more -
IBM i PTF Guide, Volume 24, Number 38
September 19, 2022 Doug Bidwell
It is a quiet week for PTFs, with two security vulnerabilities for the IBM i platform and not much else.
We will start with Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742), which you can find out more about at this link. Here are the fixes:
IBM i Release 5770-SS1 PTF Number 7.4 SI80816 7.3 SI80815And then there is Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to identity spoofing with authenticated user and ability to bypass security restrictions due …
Read more -
IBM i PTF Guide, Volume 24, Number 37
September 14, 2022 Doug Bidwell
Some weeks are loud and noisy, like cats fighting, when it comes to IBM i PTFs, and some weeks are quiet, like mice trying to avoid the notice of the cats. This week is one of those quiet ones, albeit still with High Impact/Pervasive patches and Security patches for all four current IBM i releases.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
- Security
- MustGather: How To Obtain and Install QMGTOOLS
PTF Groups 7.4:
- HIPERs (High Impact/Pervasive)
- Security
- MustGather: How To Obtain and Install QMGTOOLS
PTF …
Read more -
IBM i PTF Guide, Volume 24, Number 36
September 12, 2022 Doug Bidwell
Let’s get right into it. There are PDF transform issues with IBM i 7.5. This issue was encountered by our friends in San Diego: Thank you, Nancy, for sharing! They were receiving “Transformation task cancelled due to a print fidelity error” when converting from SCS to PDF. IBM issued the following PTFs to fix the issue:
PTF ID SI79773 5770SS1 SI79689 5770TS1 SI79684 5770TS1
Now, let’s turn to Security Bulletin: Vulnerability in IBM Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2022 CPU plus deferred CVE-2021-2163. You can see more at this …
Read more -
IBM i PTF Guide, Volume 24, Number 35
August 29, 2022 Doug Bidwell
Hello good people of IBM i Land. To start off, a reminder that the Memo To Users for supported releases were last updated April 2022. Clients should review the full “What’s New” details to understand recent changes and impact these may have. See the Links tab in the guide to access the Memo for your release, and, check periodically. these should be considered living documents, meaning, they evolve over time, and as such, read frequently!
Also, ADMIN2 is back at 7.5! IBM turned it off at earlier releases to mitigate the log4j vulnerability in those releases. At V7R5 GA, the …
Read more -
IBM i PTF Guide, Volume 24, Number 34
August 22, 2022 Doug Bidwell
New defective PTFs – meaning PTFs to fix bugs in PTFs that should not be there to fix bugs in software that should not have been there in the first place – issued this week by IBM, and we are only now seeing that you could have been misinterpreting the meaning of “defective PTFs” all of these years. It is to fix defects in PTFs, as some of you might not be thinking. Language is not as good at communication as we sometimes give it credit for. There is always some ambiguity in the packets that are exchanged when two …
Read more -
IBM i PTF Guide, Volume 24, Number 33
August 15, 2022 Doug Bidwell
First up, IBM has tweaked its temporary additional use policy for Power Systems software for migrations to Power E1080, Power E1050, and Power S1024 servers. You can read about it here.
Here is the significance of this. When you do an upgrade, you get 70 days from install to use the systems software for free. That can be extended once for 40 days, and then that can be extended again, once, for 3 days. After that, you have to beg for more if you need more time to do the upgrade. IBM doesn’t care about partitions, it’s the host …
Read more -
IBM i PTF Guide, Volume 24, Number 32
August 8, 2022 Doug Bidwell
It has been a very quiet week on the PTF front for IBM i, which is a good thing after several weeks of lots of security vulnerabilities and other tweaks to the system.
Just a reminder that we have moved V7R1M0 from the weekly update to the archive. Anything new we are informed of that impacts IBM i 7.1, we will post here in the What’s NEW! Section at the top of the story. Also, if you have any IBM i 7.1 requests going forward, we will do our best to provide responses for. Thank you for your readership and …
Read more -
IBM i PTF Guide, Volume 24, Number 31
August 3, 2022 Doug Bidwell
As often happens with systems software these days, there are a bunch of new security vulnerabilities with the IBM i stack that you need to be aware of.
First, there is Security Bulletin: OpenSSL for IBM i is vulnerable to arbitrary command execution (CVE-2022-2068), which you can find out more about at this link. The IBM i PTF numbers contain the fix for the vulnerability:
IBM i Release 5733-SC1 PTF Number 7.5 SI80588 7.4, 7.3, 7.2 SI80587
Then there is Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476), which you can find out more …
Read more -
IBM i PTF Guide, Volume 24, Number 30
July 25, 2022 Doug Bidwell
Just to keep you on your toes, we have to catch you up on a recent Security Bulletin: IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477), which you can find out more about here. IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server 8.5 are both affected by this security vulnerability. This vulnerability follows five vulnerabilities in last week’s issue.
Please note that we will be moving V7R1M0 from weekly update to archive. Anything new we are informed of that impacts IBM i 7.1, we will post here in the What’s NEW! Section at the top …
Read more