• The Four Hundred
  • IBM i PTF Guide, Volume 25, Number 21

    May 22, 2023 Doug Bidwell

    As we report elsewhere in this week’s edition of The Four Hundred, there is a critical security vulnerability in the PowerVM hypervisor when it is running on Power9 and Power10 systems.

    This HIPER/Pervasive patch is described as fixing this: An internally discovered vulnerability in PowerVM on Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server.

    The Common Vulnerability and Exposure …

  • IBM i PTF Guide, Volume 25, Number 16

    April 17, 2023 Doug Bidwell

    In a rare occurrence, there are no updates to the PTF Groups for the currently supported releases – IBM i 7.5, IBM i 7.4, and IBM i 7.3 – but there sure are a whole bunch of security vulnerabilities that IBM i shops have to deal with.

    First, there are two of them dealing with WebSphere Application Server Liberty. In PH50863: IBM WebSphere Application Server Liberty is vulnerable to a denial of service, which you can find out more about here and which deals with CVE-2023-24998 (CVSS 7.5). Then there is PH52739: IBM WebSphere Application Server Liberty is vulnerable to a privilege …

  • IBM i PTF Guide, Volume 24, Number 49

    December 7, 2022 Doug Bidwell

    It is another one of those weeks when there are a slew of security vulnerabilities to attend to. Four that we know of, to be precise.

    First, there is Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google protobuf-java (CVE-2022-3171, CVE-2022-3509), which you can read more about at this link. This vulnerability affects IBM WebSphere Application Server Liberty versions 21.0.0.2 through 22.0.0.12.

    Second, there is Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178), …

  • IBM i PTF Guide, Volume 24, Number 33

    August 15, 2022 Doug Bidwell

    First up, IBM has tweaked its temporary additional use policy for Power Systems software for migrations to Power E1080, Power E1050, and Power S1024 servers. You can read about it here.

    Here is the significance of this. When you do an upgrade, you get 70 days from install to use the systems software for free. That can be extended once for 40 days, and then that can be extended again, once, for 3 days. After that, you have to beg for more if you need more time to do the upgrade. IBM doesn’t care about partitions, it’s the host …

  • Multiple Security Vulnerabilities Patched on IBM i

    June 22, 2022 Alex Woodie

    In recent weeks, IBM has disclosed a handful of vulnerabilities in its IBM i operating system and related IBM i products, including Db2 Mirror, WebSphere, Navigator for i, the Java development and runtime tools, and OmniFind Text Search Server. IBM has shipped PTFs for the security problems, which range in severity from medium to high.

    IBM warned of security holes in the HTTP Server (the one powered by Apache) in a June 13 security bulletin. The flaws, identified as CVE-2022-22720 and CVE-2022-22721, carry the risk of HTTP request smuggling that could poison the Web cache, bypass firewalls, and …

  • IBM i PTF Guide, Volume 24, Number 23

    June 8, 2022 Doug Bidwell

    Welcome to this week’s edition of the IBM i PTF Guide. We start out with a correction to the Technology Refresh tab in the spreadsheet, where the “LIC Resave” values that were for 7.4 TR6 and 7.3 TR12 were based on an IBM site that was itself incorrect. That site has since been corrected, and now we have corrected the information in the sheet. Many thanks to Jeff at IBM for catching this!

    And now, a bevy of Security Bulletins – four different vulnerabilities that affect the IBM i platform, to be specific.

    First, we have Security Bulletin: IBM …

  • IBM i PTF Guide, Volume 24, Number 22

    June 1, 2022 Doug Bidwell

    Well, there is a lot of stuff going on with IBM i PTFs this week, with cumulative patch rollups, or Cumes as we call them, Technology Refreshes, and other goodies. Specifically, IBM i 7.3 and IBM i 7.2 have Cume rollups, as well as their respective TR6 and TR12 updates of new functionality.

    There are also two new security vulnerabilities. First, there is Security Bulletin: IBM Navigator for i is vulnerable to an SQL injection (CVE-2022-22495), which you can read about at this link. The patches for this vulnerability are as follows:

    IBM i Release	HTTP Server for i 
    …

  • IBM i PTF Guide, Volume 24, Number 20

    May 18, 2022 Doug Bidwell

    It was busy last week in the world of PTFs, but this week it is pretty quiet, excepting a few things. Which is good, because maybe you are not quite yet caught up anyway, right? It has been a long four years since we have had new machines to play with, and we’re looking forward to getting our hands on IBM i 7.5 and, more importantly, seeing what kind of machines and deals IBM will be making with the Power10 machines in July.

    Here is the rundown of PTF Groups by IBM i release level since we last published, with …

  • Springing Anew: IBM i Tech Refresh Expected Soon

    April 13, 2022 Alex Woodie

    If you’ve been waiting for the spring IBM i Technology Refreshes, you’re not alone. We’re nearly a month into spring, but IBM has yet to embark upon the bi-annual pilgrimage of operating system enhancements. The good news is that the good news is nearly here.

    “Big IBM i Announcements Coming Soon,” Steve Will, the chief architect of IBM i, wrote in 22.5 point font on his “You and i” blog, which was recently resurrected on TechChannel, the online successor to the now-defunct IBM Systems Magazine, where his column ran for years.

    “It’s time to hint at things that …

  • IBM i PTF Guide, Volume 24, Number 5

    February 2, 2022 Doug Bidwell

    Another week, another security vulnerability. This time, there is one in the Db2 stack for IBM i. Specifically, we present to you Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225, which you can read in full at this link. As the Db2 Mirror database clustering technology is only available on IBM i 7.4, this is the only IBM i release that is affected.

    The IBM i Group PTF number containing the fix for this vulnerability follows: Release 7.4 – SF99668 level 17.

    Just a reminder that there is a new …



Copyright © 2023 IT Jungle