  • IBM i PTF Guide, Volume 25, Number 24

    June 12, 2023 Doug Bidwell

    It is one of those quiet weeks in PTF Land, which probably means next week or the week after won’t be if history is any guide. This week, we have Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to April 2023 CPU. More information is available here. Below are the affected products and versions.

    Affected Product(s)				Version(s)
    IBM WebSphere Application Server		9.0
    IBM WebSphere Application Server		8.5
    IBM WebSphere Application Server Liberty	Continuous delivery
    

    Here is the rundown of PTF Groups by IBM i release level since we …

  • IBM i PTF Guide, Volume 25, Number 23

    June 7, 2023 Doug Bidwell

    It’s a little quieter in this issue of the IBM i PTF Guide than it was in the last one, which ran on Monday, and that is a good thing. We will start off with two more security vulnerabilities, one with Rational Developer for i and the other for the WebSphere Application Server Liberty edition.

    First, we have Security Bulletin: IBM Rational Developer for i is vulnerable to attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928), which you can find out more about here. Here are the affected releases:

    Affected Product(s)				Version(s)
    IBM 
    …

  • IBM i PTF Guide, Volume 25, Number 22

    June 5, 2023 Doug Bidwell

    Welcome back after the Memorial Day holiday, and our thanks to all who have served and who currently serve.

    There is a slew of security issues that you need to deal with on the IBM i platform. So let’s get to it.

    First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to exposing sensitive information due to flaws and configurations (CVE-2023-30441), which you can find out more about here. The vulnerability can be fixed by applying the latest Java Group PTF. Releases 7.5, 7.4, 7.3, and 7.2 of IBM i will …

  • Update On Critical Security Vulnerability In PowerVM

    May 24, 2023 Timothy Prickett Morgan

    Earlier this week, we told you about a very serious security vulnerability in the PowerVM hypervisor when running on Power9 and Power10 systems. IBM found the vulnerability itself and immediately set about to patch the vulnerability, which it revealed on May 17 along with patches to firmware in systems that are managed by the Hardware Management Console, or HMC.

    What was not necessarily apparent was that there are plenty of Power Systems customers who do not have HMCs managing their systems and the logical partitions upon them, and this is particularly true of the IBM i installed base, which …

  • IBM i PTF Guide, Volume 25, Number 21

    May 22, 2023 Doug Bidwell

    As we report elsewhere in this week’s edition of The Four Hundred, there is a critical security vulnerability in the PowerVM hypervisor when it is running on Power9 and Power10 systems.

    This HIPER/Pervasive patch is described as fixing this: An internally discovered vulnerability in PowerVM on Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server.

    The Common Vulnerability and Exposure …

  • IBM i PTF Guide, Volume 25, Number 19

    May 8, 2023 Doug Bidwell

    There are new cumulative updates this week, and a couple of security vulnerabilities that you need to be aware of, which we cover along with the normal PTF updates and defective PTF rundown that we do every week. Let’s start, as we often do, with the vulnerabilities.

    First, we have Security Bulletin: IBM WebSphere Application Server Liberty for IBM i, which is vulnerable to a server-side request forgery, a denial of service, an attacker obtaining sensitive information, and gaining elevated privileges due to multiple vulnerabilities. You can find out more about it at this link. The issues can be fixed …

  • IBM i PTF Guide, Volume 25, Number 18

    May 1, 2023 Doug Bidwell

    A new week, a new security vulnerability in the IBM i platform. This time around, we have Security Bulletin: Vulnerability in libtasn1 (CVE-2021-46848) affects Power HMC, which you can read more about at this link. The affected products and versions are: HMC V10.1.1010.0, HMC V10.2.1030.0, and HMC V9.2.950.0. The remediation/fixes for the vulnerability are:

    Product	VRMF			APAR		Remediation/Fix
    Power HMC	V9.2.950.0 SP3 ppc	MB04397	MH01954
    Power HMC	V9.2.950.0 SP3 x86	MB04396	MH01953
    Power HMC	V10.1.1020.0 SP1 ppc	MB04388	MF70701
    Power HMC	V10.1.1020.0 SP1 x86	MB04387	MF70700
    Power HMC	V10.2.1030.0 ppc	MB04401	MF70890
    Power HMC	V10.2.1030.0 SP1 x86	MB04400	MF70889
    
    …

  • IBM i PTF Guide, Volume 25, Number 17

    April 24, 2023 Doug Bidwell

    There are a lot of PTFs that you need to be aware of this week, but before we get into them, there are two security vulnerabilities, one affecting the IBM i platform’s integrated Apache Web server and the other affecting the combination of IBM i Access Client Solutions and the IBM Toolbox for Java. Let’s get into the security bulletins to start.

    First, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001), which you can find out more about at this link …

  • IBM i PTF Guide, Volume 25, Number 16

    April 17, 2023 Doug Bidwell

    In a rare occurrence, there are no updates to the PTF Groups for the currently supported releases – IBM i 7.5, IBM i 7.4, and IBM i 7.3 – but there sure are a whole bunch of security vulnerabilities that IBM i shops have to deal with.

    First, there are two of them dealing with WebSphere Application Server Liberty. In PH50863: IBM WebSphere Application Server Liberty is vulnerable to a denial of service, which you can find out more about here and which deals with CVE-2023-24998 CVSS 7.5. Then there is PH52739: IBM WebSphere Application Server Liberty is vulnerable to a privilege …

  • IBM i PTF Guide, Volume 25, Number 15

    April 10, 2023 Doug Bidwell

    It is Spring Break in a lot of places, and also Easter and Passover as we go to press, and so it is not at all surprising that there is not a lot of activity in the IBM i PTF Guide this week. We took the opportunity to retire the 7.2 worksheet; check the archives and DLB_PTF_04/01/23_B25N14.XLS for the last worksheet. Any changes to V7R2 going forward will be detailed here instead of the Guide.

    There are High Impact/Pervasive tweaks for all currently supported releases – IBM i 7.5, IBM i 7.4, and IBM i 7.3 – and a fix list …


Copyright © 2025 IT Jungle