IBM i PTF Guide Archives

IBM i PTF Guide, Volume 24, Number 49

December 7, 2022 Doug Bidwell

It is another one of those weeks when there are a slew of security vulnerabilities to attend to. Four that we know of, to be precise.

First, there is Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google protobuf-java (CVE-2022-3171, CVE-2022-3509), which you can read more about at this link. This vulnerability affects IBM WebSphere Application Server Liberty versions 21.0.0.2 through 22.0.0.12.

Second, there is Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178), …
Read more
IBM i PTF Guide, Volume 24, Number 48

December 5, 2022 Timothy Prickett Morgan

To start right off, there is a security vulnerability in the Hardware Management Console, so those of you who have larger Power Systems that have their logical partitions managed by this out-of-band controller had better listen up. Specifically, check out Security Bulletin: Vulnerability in Bind (CVE-2021-25219) affects Power HMC, which you can read about more here.

The fixes for this security vulnerability are as follows:
```
Product		VRMF			APAR			Remediation/Fix	
Power HMC	V9.2.950.0 SP3 ppc	MB04373		MH01944
Power HMC	V9.2.950.0 SP3 x86	MB04372		MH01943
Power HMC	V10.1.1020.0 SP1 ppc	MB04363		MF70302
Power HMC	V10.1.1020.0 SP1 x86	MB04362		MF70301
```
As we …
Read more
IBM i PTF Guide, Volume 24, Number 46

November 14, 2022 Doug Bidwell

This week, you will find much to your surprise that Access Client Solutions 1.1.9.1, which was promised for delivery on December 2 back at the NAViGATE 2022 COMMON conference in St Louis, is out a few weeks early. We saw it available and downloaded it on November 11, which means it is a few weeks early.

ACS 1.1.9.1 follows on the heels of the 1.1.9.0 release that came out in April 2022, with mitigations for the Log4j security vulnerabilities. We don’t know the full set of enhancements yet, but this IBM i – ACS Updates page at Big Blue …
Read more
IBM i PTF Guide, Volume 24, Number 45

November 7, 2022 Doug Bidwell

Hello good people of IBM i Land. There’s a security vulnerability you need to take a look at to see if it affects your system, and a whole bunch of PTF patches for all kinds of things. Let’s start with the vulnerability, which you can see in Security Bulletin: Zlib for IBM i is vulnerable to a buffer overflow issue during inflate (CVE-2022-37434) and which you can find out more about here.

This is not the same vulnerability in Zlib for IBM i that we told you about last week, so don’t think we are a skipping record here. …
Read more
IBM i PTF Guide, Volume 24, Number 44

October 31, 2022 Doug Bidwell

Remember all of those quiet weeks in PTF Land when nothing much was going on? There is a whole bunch of stuff this week.

First, starting October 26, IBM has enabled multi-factor authentication (MFA) for all its websites using IBMid. As a user on the Entitled Systems Support website, you are using IBMid to login, so you are impacted by the change. When you first login after the change is implemented, you will be asked to add an additional authentication method – either a code sent to your email or a supported mobile authenticator app available on Google Play Store …
Read more
IBM i PTF Guide, Volume 24, Number 43

October 24, 2022 Doug Bidwell

We are happy to report that there are no new security vulnerabilities in the IBM i stack and related open-source software this week – at least as far as we know. So, rejoice in that. There are a bunch of HIPER PTFs and fixes for Java that span the current IBM i releases on support and extended support, so be aware of those.

And just a reminder to keep checking out The Four Hundred in each issue as we drill down into new details related to the Tech Refreshes announced this month, and that are coming in December.

Now, here …
Read more
IBM i PTF Guide, Volume 24, Number 42

October 17, 2022 Doug Bidwell

The hot news this week, which we have reported about previously and which we will be drilling down into more deeply, is that the Fall 2022 Tech Refresh updates for IBM i have been announced and will be generally available on December 2. The theme from IBM is “Let’s create a new level of integrated simplicity,” and you can see more about IBM i 7.5 Technology Refresh 1 at this link and more about IBM i 7.4 Technology Refresh 7 at that link.

Keep checking out The Four Hundred as we drill down into new details related to the …
Read more
IBM i PTF Guide, Volume 24, Number 41

October 10, 2022 Doug Bidwell

Just a reminder in case you didn’t see it last week: End of Marketing for IBM i 7.3 is 4/28/23 and end of standard support for IBM i 7.3 is 9/30/23. You can read IBM’s support statement about it here and you can see our related coverage on it there.

Also: QMGTOOLS and FTP Credentials required for Enhanced Customer Data Repository (ECuRep), find out more at this link.

Now, here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:
- HIPERs (High Impact/Pervasive)
- Security
- MustGather: How To Obtain and Install
…
Read more
IBM i PTF Guide, Volume 24, Number 40

October 3, 2022 Doug Bidwell

It’s the fall now, and in the wake of the September IBM i announcements, upgrade season has begun. Now, we will see if companies are in a mood to upgrade before the end of the year or will push it out into 2023.

This week, we want to let you know that QMGTOOLS and FTP Credentials required for Enhanced Customer Data Repository (ECuRep), which you can find out more about here.

Now, here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:
- IBM MQ for IBM i – v9.2.0/v9.3.0
- TCP/IP
…
Read more
IBM i PTF Guide, Volume 24, Number 39

September 26, 2022 Doug Bidwell

Another week, another security vulnerability. This one could be a biggie, so pay attention. Security Bulletin: IBM Common Cryptographic Architecture (CCA) is vulnerable to denial of service (CVE-2022-22423), which you can find out more about here. The vulnerability can be fixed by applying a PTF to IBM i. Releases 7.5, 7.4, 7.3, and 7.2 of IBM i will be fixed. Each PTF bundles updates to CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769, bringing their respective firmware levels to 5.7.12 and 7.3.44 or later, respectively.

Here are the fixes for this particular vulnerability:
```
IBM i release	
```
…
Read more

Content archive

Recent Posts

Subscribe

Pages

Search