• IBM i PTF Guide, Volume 25, Number 9

  March 6, 2023 Doug Bidwell

  We are still playing catch up and will be back in synch soon. We wanted to remind you about an important bug issue, which is ADMIN4 Job Terminates Suddenly When A User Profile Without *ALLOBJ and *IOSYSCFG Authority Accesses the IBM Web Administration GUI, which you can look at here.

  This issue is introduced after applying the following IBM i HTTP Group PTF levels:

  • IBM i 7.5: SF99952 level 5
  • IBM i 7.4: SF99662 level 25
  • IBM i 7.3: SF99722 level 42

  Download and apply the following 5770-SS1 PTF to prevent the ADMIN4 job from ending suddenly. The PTF …

  Read more

• IBM i PTF Guide, Volume 25, Number 5

  January 30, 2023 Doug Bidwell

  Here’s a question for you: Are you using encryption to download software fixes from IBM? You may not know, and worse yet, you may not know how to figure that out. This is important because as we warned you last fall, IBM’s Electronic Fix Distribution and Fix Central systems will end support for unencrypted fix downloads starting on February 15 of this year.

  That gives you two weeks and a day to figure it out. And this document from IBM helps you figure it out and tells you what to do.

  Aside from this, it has been pretty quiet in …

  Read more

• IBM i PTF Guide, Volume 25, Number 4

  January 23, 2023 Doug Bidwell

  Here are some reminders to start off the IBM i PTF Guide this week.

  First, there are new releases for Access Client Solutions and the ODBC database driver. (See ACS_NAV in the Guide for the links.) The funny bit – funny odd, not funny hilarious – is that version 26 of ACS did not allow companies to create a database source for ODBC, which is serious shortcoming. Now, there is a new version 27 that will let you do it. Here is the updated software:

  Description				   Version
  IBM i Access Client Solutions (1.1.9.1)	   1.1.9.1
  ACS Windows App Pkg English (64bit)	   

  …

  Read more

• IBM i PTF Guide, Volume 25, Number 3

  January 16, 2023 Doug Bidwell

  Last week was pretty quiet in PTF Land, as many of you might have expected. And considering that we were dealing with the Log4J vulnerability nonsense this time last year, we will take that as a bonus and just have Volume 24, Number 2, of the IBM i PTF Guide as a placeholder of sorts. This week is a bit more interesting, but nothing too big as yet. We have another 49 weeks in the year, so no hurry.

  Just a reminder to read and heed: IBM Electronic Fix Distribution / IBM Fix Central systems will end support for unencrypted …

  Read more

• IBM i PTF Guide, Volume 25, Number 1

  January 11, 2023 Doug Bidwell

  The New Year is always marked with celebration, but this year we also celebrate 25 years of the PTF Guide! The best way I can think of for you to celebrate is to make sure you are up to date on your PTF work.

  We start off 2023 with a series of Security Bulletins. First up, IBM Navigator for i is vulnerable to log file access, obtaining file attributes, and SQL Injection attacks due to multiple vulnerabilities. Get the details HERE.

  IBM i Release		5770DG1 IBM HTTP Server for i Group PTF
  7.5				SF99952 - 05
  7.4				SF99662 - 

  …

  Read more

• IBM i PTF Guide, Volume 24, Number 50

  December 12, 2022 Doug Bidwell

  It is another week of interesting security vulnerabilities in the IBM i world, so brace yourself for some research and patching. There are a slew of vulnerabilities that affect the Hardware Management Console for Power Systems, which means any of you IBM i shops that are using relatively large Power machines. There are five new ones, above and beyond the ones we have covered in recent weeks.

  First, there is Security Bulletin: Vulnerability in Bind (CVE-2021-25219) affects Power HMC, which you can read about here.

  Affected Product(s)	Version(s)
  HMC V10.1.1010.0	V10.1.1010.0 and later
  HMC V9.2.950.0		V9.2.950.0 and later
  Product		

  …

  Read more

• IBM i PTF Guide, Volume 24, Number 49

  December 7, 2022 Doug Bidwell

  It is another one of those weeks when there are a slew of security vulnerabilities to attend to. Four that we know of, to be precise.

  First, there is Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google protobuf-java (CVE-2022-3171, CVE-2022-3509), which you can read more about at this link. This vulnerability affects IBM WebSphere Application Server Liberty versions 21.0.0.2 through 22.0.0.12.

  Second, there is Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178), …

  Read more

• IBM i PTF Guide, Volume 24, Number 48

  December 5, 2022 Timothy Prickett Morgan

  To start right off, there is a security vulnerability in the Hardware Management Console, so those of you who have larger Power Systems that have their logical partitions managed by this out-of-band controller had better listen up. Specifically, check out Security Bulletin: Vulnerability in Bind (CVE-2021-25219) affects Power HMC, which you can read about more here.

  The fixes for this security vulnerability are as follows:

  Product		VRMF			APAR			Remediation/Fix	
  Power HMC	V9.2.950.0 SP3 ppc	MB04373		MH01944
  Power HMC	V9.2.950.0 SP3 x86	MB04372		MH01943
  Power HMC	V10.1.1020.0 SP1 ppc	MB04363		MF70302
  Power HMC	V10.1.1020.0 SP1 x86	MB04362		MF70301
  

  As we …

  Read more

• IBM i PTF Guide, Volume 24, Number 46

  November 14, 2022 Doug Bidwell

  This week, you will find much to your surprise that Access Client Solutions 1.1.9.1, which was promised for delivery on December 2 back at the NAViGATE 2022 COMMON conference in St Louis, is out a few weeks early. We saw it available and downloaded it on November 11, which means it is a few weeks early.

  ACS 1.1.9.1 follows on the heels of the 1.1.9.0 release that came out in April 2022, with mitigations for the Log4j security vulnerabilities. We don’t know the full set of enhancements yet, but this IBM i – ACS Updates page at Big Blue …

  Read more

• IBM i PTF Guide, Volume 24, Number 45

  November 7, 2022 Doug Bidwell

  Hello good people of IBM i Land. There’s a security vulnerability you need to take a look at to see if it affects your system, and a whole bunch of PTF patches for all kinds of things. Let’s start with the vulnerability, which you can see in Security Bulletin: Zlib for IBM i is vulnerable to a buffer overflow issue during inflate (CVE-2022-37434) and which you can find out more about here.

  This is not the same vulnerability in Zlib for IBM i that we told you about last week, so don’t think we are a skipping record here. …

  Read more

Previous Articles Next Articles