IBM i PTF Guide Archives - Page 14 of 25

IBM i PTF Guide, Volume 24, Number 24

June 15, 2022 Doug Bidwell

If it seems like just about every week there is a security vulnerability within the broad and deep expanse of the IBM i platform, well it isn’t just seeming like that. It is like that. And this week we start out with four news ones that you have to contend with in the IBM i PTF Guide.

First, we have Security Bulletin: Due to use of Spring Framework, IBM Db2 Web Query for i is vulnerable to unprotected fields (CVE-2022-22968), remote code execution (CVE-2022-22965), and denial of service (CVE-2022-22950). Find out more about that at this link. Here …
Read more
IBM i PTF Guide, Volume 24, Number 23

June 8, 2022 Doug Bidwell

Welcome to this week’s edition of the IBM i PTF Guide. We start out with a correction to the Technology Refresh tab in the spreadsheet, where the “LIC Resave” values that were for 7.4 TR6 and 7.3 TR12 were based on an IBM site that was itself incorrect. That site has since been corrected, and now we have corrected the information in the sheet. Many thanks to Jeff at IBM for catching this!

And now, a bevy of Security Bulletins – four different vulnerabilities that affect the IBM i platform, to be specific.

First, we have Security Bulletin: IBM …
Read more
IBM i PTF Guide, Volume 24, Number 22

June 1, 2022 Doug Bidwell

Well, there is a lot of stuff going on with IBM i PTFs this week, with cumulative patch rollups, or Cumes as we call them, Technology Refreshes, and other goodies. Specifically, IBM i 7.3 and IBM i 7.2 have Cume rollups, as well as their respective TR6 and TR12 updates of new functionality.

There are also two new security vulnerabilities. First, there is Security Bulletin: IBM Navigator for i is vulnerable to an SQL injection (CVE-2022-22495), which you can read about at this link. The patches for this vulnerability are as follows:
```
IBM i Release	HTTP Server for i 
```
…
Read more
IBM i PTF Guide, Volume 24, Number 21

May 25, 2022 Doug Bidwell

Not to give you any work to do, but I am going to give you some work to do. There is a new service pack for system firmware level MH1010, and this service pack, which you can read about here, addresses a HIPER issue. Next, compression with the ZLIB algorithm with Geographic Mirroring synchronization is coming soon! You can find out more about it at this link. And finally, check out the infrastructure changes that are coming to IBM Electronic Fix Distribution / IBM Fix Central system, which might necessitate customer firewall and proxy setting changes, which you …
Read more
IBM i PTF Guide, Volume 24, Number 20

May 18, 2022 Doug Bidwell

It was busy last week in the world of PTFs, but this week it is pretty quiet, excepting a few things. Which is good, because maybe you are not quite yet caught up anyway, right? It has been a long four years since we have new machines to play with, and we’re looking forward to getting our hands on IBM i 7.5 and, more importantly, seeing what kind of machines and deals that IBM will be making with the Power10 machines in July.

Here is the rundown of PTF Groups by IBM i release level since we last published, with …
Read more
IBM i PTF Guide, Volume 24, Number 19

May 11, 2022 Doug Bidwell

So here is what’s new. Here is a notice at the top of the Fix Central Home Page: “Your action may be required. IBM will implement infrastructure improvements to electronic fix distribution on June 4, 2022. IP and hostnames will change for servers that support fix delivery. New connections are required. You must configure your firewall and proxy server if you have a firewall in your network, or if your machine uses a proxy server to access the internet. Please see preparing firewalls and proxies.”

And here is another note from the PTF Cume Cover Letter: “IMPORTANT: Permanently apply any …
Read more
IBM i PTF Guide, Volume 24, Number 18

May 4, 2022 Doug Bidwell

Well, good people of IBM i Land, you are getting another relatively light week when it comes to PTFs, which makes sense with IBM i 7.5 and IBM i 7.4 TR 6 rolling out this week. This is good news because now you have time to digest all of the announcements and to start thinking about how you might take advantage of all of the new software Big Blue has been working on.

For those of you who have not kept current on your PTF patches, there is a vast archive of IBM i PTF Guide editions for you to …
Read more
IBM i PTF Guide, Volume 24, Number 17

April 27, 2022 Doug Bidwell

It was a pretty quiet week in PTF Land, which stands to reason given the various holidays and the Spring Break that a lot of people had last week. It probably won’t last long, so take the downtime while you have it. There is stuff you need to deal with, of course.

One reminder: A new build for Access Client Services (ACS) 1.1.9.0 is available for download (2170).

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.4:
- HIPERs
- Security
- Backup Recovery Solutions
- TCP/IP
- QMGTOOLS
PTF Groups 7.3:
- HIPERs
- Security
- Backup
…
Read more
IBM i PTF Guide, Volume 24, Number 16

April 20, 2022 Doug Bidwell

It is a new week, and there are two new security vulnerabilities in the IBM i platform. First, there is Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to spoofing and clickjacking attacks due to swagger-ui (CVE-2018-25031, CVE-2021-46708), which you can read more about here. The IBM i PTF numbers containing the fix for the CVEs:

IBM i Release      5770-SS1 PTF Number      PTF Download Link

7.4                          SI78971                                https://www.ibm.com/support/pages/ptf/SI78971

7.3                          SI78972                                https://www.ibm.com/support/pages/ptf/SI78972

7.2                          SI78973                                https://www.ibm.com/support/pages/ptf/SI78973

Then there is Security Bulletin: OpenSSL for IBM i is vulnerable to a denial of service due to a flaw in …
Read more
IBM i PTF Guide, Volume 24, Number 14

April 6, 2022 Doug Bidwell

Get your PTF patching fingers ready to roll across the keyboard because there are some new security vulnerabilities in the IBM i platform. First up, Security Bulletin: IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493), which you can learn about here.

Release 2.2.0 can be fixed by upgrading to release 2.2.1 or 2.3.0, depending on your IBM i release level:
- IBM i 7.4: Upgrade to Db2 Web Query for i 2.3.0
- IBM i 7.3: Upgrade to
…
Read more

Previous Articles Next Articles

Content archive

Recent Posts

Subscribe

Pages

Search