• Security Vulnerability In VIOS, AIX, And Maybe IBM i

  November 23, 2020 Timothy Prickett Morgan

  IBM i shops that use the Virtual I/O Server, which is a cut-down version of the AIX implementation of Unix created by Big Blue, have to be aware that there is a security vulnerability that affects recent releases of AIX and VIOS.

  The vulnerability, announced in Security Vulnerability CVE-2020-4788, affects Power9 machinery running VIOS 3.1 or AIX 7.1 and AIX 7.2, and under what are called “extenuating circumstances” the vulnerability could allow a local user on the system to obtain sensitive information stored on the L1 cache on the Power9 cores.

  The vulnerability was reported on November 18, and …

  Read more

• IBM i PTF Guide, Volume 22, Number 47

  November 23, 2020 Doug Bidwell

  As we report elsewhere in this issue of The Four Hundred, there is a new security bulletin that has been issued relating to a speculative execution vulnerability that affects Power9 systems running the Virtual I/O Server in general and AIX 7.1 and AIX 7.2 in particular. As such, it indirectly affects all four IBM i releases, from 7.1 through 7.4. See Security Bulletin: Vulnerability CVE-2020-4788 at this link.

  The patches to deal with this vulnerability are as follows:

  • IBM i 7.4: MF68089 and MF68090
  • IBM i 7.3: MF68094 and MF68095
  • IBM i 7.2: MF68096 and MF68097
  • IBM i

  …

  Read more

• IBM i PTF Guide, Volume 22, Number 46

  November 18, 2020 Doug Bidwell

  First, thank you to Kent Stoner for catching the error in the IBM i 7.3 Defective PTF. It should have been SI73926 – it has been corrected below. There are new Cumes for IBM i 7.2, IBM i 7.3, and IBM i 7.4, and we made it through Friday the 13^th and the new Technology Refreshes for IBM i 7.3 and IBM i 7.4 were indeed available. Also, a reminder that there is a new version of Access Client Solutions that is due in the first week of December, and finally, there are no new defective PTFs this week. …

  Read more

• IBM i PTF Guide, Volume 22, Number 45

  November 11, 2020 Doug Bidwell

  There is not a lot of action on the PTF front this week, but we once again want to remind you that the new Technology Refreshes for IBM i 7.3 and IBM i 7.4 are going to be available on Friday the 13th, and so will the Tech Refresh resaves related to them. Also, there is a new version of Access Client Solutions that is due in the first week of December.

  Here is the rundown of PTF Groups by IBM i release level:

  PTF Groups 7.4:

  • HIPERs
  • Temporary Storage

  PTF Groups 7.3:

  • HIPERs

  PTF Groups 7.2:

  • HIPERs

  PTF Groups …

  Read more

• IBM i PTF Guide, Volume 22, Number 44

  November 4, 2020 Doug Bidwell

  You may or may not be aware of this news so it is worth sharing: there is a new version of Access Client Services that is due in the first week of December this year. And, a final reminder that the new Technology Refreshes for IBM i 7.3 and IBM i 7.4 are going to be available on November 13, and so will the Tech Refresh Resaves related to them.

  Here is the rundown of PTF Groups by IBM i release level:

  PTF Groups 7.4:

  • QMGTOOLS

  PTF Groups 7.3:

  • QMGTOOLS

  PTF Groups 7.2:

  • QMGTOOLS

  PTF Groups 7.1:

  • Nothing here.

  New …

  Read more

• IBM i PTF Guide, Volume 22, Number 43

  October 28, 2020 Doug Bidwell

  Let’s start this edition of the IBM i PTF Guide with a few reminders. First, the new Technology Refreshes for IBM i 7.3 and IBM i 7.4 are going to be available on November 13, and so will the Tech Refresh Resaves related to them. Next, the IBM Systems TechU – The Virtual Edition takes place from October 26 through 29. You can find out more at this link.

  Next, there is a new Security Bulletin: BIND for IBM i is affected by CVE-2020-8622 and CVE-2020-8624, which is available at this link. The IBM i PTF numbers are: …

  Read more

• IBM i PTF Guide, Volume 22, Number 42

  October 21, 2020 Doug Bidwell

  All is quiet on the Western and Eastern fronts as we await the delivery of the Technology Refreshes for IBM i 7.3 and IBM i 7.4 on November 13. The Tech Refresh Resaves will also be available at that time. Other than some nips and tucks in the IBM i PTF Guide, there is not a lot to report, but we do this every week to keep you up to date. From a system administrator point of view, knowing when nothing big is going on is almost as useful as knowing when there is a lot going on.

  To …

  Read more

• IBM i PTF Guide, Volume 22, Number 41

  October 14, 2020 Doug Bidwell

  As we have been reporting since October 6, there are new Technology Refreshes that have been launched, and we have come to find out that the Technology Refresh Resaves, which are an important part of the distribution of IBM i code, will be available on November 13.

  Here is the PTF rundown by release:

  PTF Groups 7.4:

  • HIPERs (High Impact/Pervasive)
  • Security
  • Performance Tools

  PTF Groups 7.3:

  • HIPERs (High Impact/Pervasive)
  • Security
  • Performance Tools

  PTF Groups 7.2:

  • HIPERs (High Impact/Pervasive)
  • Security

  PTF Groups 7.1

  • There is occasionally stuff here, thanks to extended support. But not this week, again.

  New (or updated) links …

  Read more

• IBM i PTF Guide, Volume 22, Number 40

  October 7, 2020 Doug Bidwell

  Are you feeling vulnerable today? Well, even if you are not, your IBM i system is. There are two security bulletins that relate to Java that are affecting the IBM i platform. Specifically, there was a Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i, which you can see here and Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2590, which you can see there.

  The IBM i Group PTF numbers containing the fix for these CVEs are the latest Java Group PTFs in the IBM …

  Read more

• IBM i PTF Guide, Volume 22, Number 39

  September 30, 2020 Doug Bidwell

  This week, right off the bat, there are a few things you need to be aware of. First of all, there are microcode patches for a bunch of systems.

  Specifically, they are for MTMs – that is short for machine type/model in the business partner lingo – 9008-22L, 9009-22A, 9009-41A, 9009-42A, and 9223-22H. To save you from having to run around the Internet to figure out what machines they are, that is the Power L922 (a Linux-only machine), the Power S922, the Power S914, the Power S924, and the Power H922 for SAP HANA. You can find out more at …

  Read more

Previous Articles