Doug Bidwell
-
IBM i PTF Guide, Volume 26, Number 40
October 14, 2024 Doug Bidwell
First off this week, there is a security vulnerability for you to deal with in your IBM i systems. Specifically, we have Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM i (CVE-2015-7575), which you can read more about here. IBM i releases 6.1, 7.1. and 7.2 are supported and will be fixed as follows:
5770-999, 5770-SS1:
- Release 6.1.1 – MF60292
- Release 7.1 – SI59229, MF61242, MF60291
- Release 7.2 – SI59230, MF61243, MF60290
5770-UME:
- CIM 1.3: SI59244
- CIM 1.4: SI59193
Also, be aware of changes to data upload for IBM Support – Preparing customer firewalls and proxies …
Read more -
IBM i PTF Guide, Volume 26, Number 39
October 9, 2024 Doug Bidwell
Brace yourself, there is lots of stuff going on in PTF Land this week. To begin with, there are three security vulnerabilities.
First, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities. You can find out more about this vulnerability at this link. The patches are as follows, by release:
7.5 SJ01738 SJ02179 7.4 SJ01739 SJ02177 7.3 SJ01752 SJ02176 7.2 SJ01751 SJ02130
Second, we have Security Bulletin: IBM i (V6.1, 7.1, …
Read more -
IBM i PTF Guide, Volume 26, Number 38
October 7, 2024 Doug Bidwell
There is a hodge podge of stuff that you need to deal with this week when it comes to patching your IBM i system.
First, there is a security vulnerability. Read all about it in Security Bulletin: Vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-36138), which you can find out more about at this link. The issue can be fixed by loading an interim fix. IBM strongly recommends addressing the vulnerability now by upgrading to Node.js 18.20.4. Please follow Upgrading the Node.js that is used by Cordova or NodeRed …
Read more -
IBM i PTF Guide, Volume 26, Number 37
September 23, 2024 Doug Bidwell
This week, there are recommended fixes for the cryptographic services in the IBM i platform and Big Blue’s own cryptographic co-processors, which run encryption, decryption, and hashing algorithms on outboard compute engines rather than on the Power CPUs at the heart of the system. You can read about the recommended fixes for IBM i 7.2 here and for IBM i 7.3 there. As far as we know, there are not fixes for IBM i 7.4 or IBM i 7.5.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- HIPERs
-
IBM i PTF Guide, Volume 26, Number 36
September 16, 2024 Doug Bidwell
The Apache Web server and the WebSphere middleware that runs on top of it are not working together well. We have caught wind of the HTTP Apache Server Failing to Start After WebSphere 9.0 Fixpack Update. ‘HTP8091 HTTP Server post-configuration step failed’ Error in the HTTP Server Joblog, which you can find out more about here. After a WebSphere 9.0 fixpack update is applied, HTTP servers associated with a WebSphere 9.0 server fail to start and throw a “HTP8091 HTTP Server post-configuration step failed” error. Click on link above to see resolution.
Also, there is a security vulnerability you …
Read more -
IBM i PTF Guide, Volume 26, Number 33
September 9, 2024 Doug Bidwell
We are back to the Quiet Time again in PTF Land, and we are beginning to wonder if the slowdown in patches has anything to do with the recent closures of the research and development labs by China, which we report on elsewhere in this issue. Probably not. But maybe.
Fact is, there is not a lot going on this week, and thankfully no security vulnerabilities that we could see.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
- Java
- RPG Café
PTF Groups 7.4:
- HIPERs (High
-
IBM i PTF Guide, Volume 26, Number 32
August 19, 2024 Doug Bidwell
You knew that this was not going to last forever. We had a few weeks where there were not any security vulnerabilities in the IBM i stack, and now you have three you need to attend to this week. There are some patches for WebSphere middleware as well.
Let’s start with the security issues.
First, we have Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2024 CPU, which you can read all about here. The affected products include:
Affected Product(s) Version(s) IBM WebSphere Application Server
… Read more -
IBM i PTF Guide, Volume 26, Number 31
August 12, 2024 Doug Bidwell
As we report elsewhere in this issue, the big news this week in IBM Software Land is a new release of Access Client Solutions, which is rolled out as a PTF update for the currently supported releases of the IBM i operating system. Our story is here, and the release notes are there.
We did not see any new security vulnerabilities, which is always good news.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- IBM i Access Client Solutions V1.1.9.6
- SAP Support Required PTF List for IBM
-
IBM i PTF Guide, Volume 26, Number 30
August 7, 2024 Doug Bidwell
Sometimes, you have to work really hard to try to figure out if you are going to have to do a lot of patching on the systems this week – and then you find out, to your pleasant surprise, that the hardest work you had to do was to find out that you really didn’t have to worry about much. Such is this week.
Basically, there are just new defective PTFs this week and that is about it.
Here is the rundown of PTF Groups by IBM i release level since we last published:
PTF Groups 7.5:
- None
PTF Groups …
Read more -
IBM i PTF Guide, Volume 26, Number 29
August 5, 2024 Doug Bidwell
We know that you were just getting comfortable with a relatively easy summer, CrowdStrike crash excepted if you are one of its customers, and so we have a few security vulnerabilities and PTF patches you need to cope with this week.
First, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting attacks [CVE-2023-38709, CVE-2024-24795], which you can find out more about at this link. The fixes for this issue, by IBM i release, are as follows:
IBM i Release 5770-DG1 PTF Number 7.5 SJ01350 SJ01401 7.4 SJ01349 SJ01400 7.3
… Read more