IBM i PTF Guide Archives - Page 15 of 25

IBM i PTF Guide, Volume 24, Number 13

March 30, 2022 Doug Bidwell

It’s pretty quiet on the PTF western front. Not that there isn’t always some kind of weird stuff going on . . . because, let me assure you, there is. IBM i customers have all kinds of weird things happening, and that ain’t no April Fool’s joke. But, mercifully, this week, as we end the first quarter and Spring is starting meteorologically as well as calendaricly – yes, I just made that word up – there are only a few things going on.

Once again: To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as …
Read more
IBM i PTF Guide, Volume 24, Number 12

March 23, 2022 Doug Bidwell

And the security vulnerabilities just keep on a-coming. This time, it is with the WebSphere Application Server. Check out Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038), which you can read all about here. The affected products are WebSphere Application Server Liberty, versions 17.0.0.3 through 22.0.0.2 and WebSphere Application Server versions 9.0 through 9.0.5.11.

Also, here some information: The default location of ACS is updated whenever there is a Cumulative update or upgrade to a OS level. (\\&SystemName\root\QIBM\ProdData\Access\ACS\Base). Here are fixes for this:
- IBM i 7.4: SI77377 – ACS 1.1.8.8
…
Read more
IBM i PTF Guide, Volume 24, Number 11

March 16, 2022 Doug Bidwell

This Log4j security vulnerability just keeps being more and more pesky. If you haven’t seen it yet, there is an update to a Security Bulletin called Due to use of Apache Log4j, OmniFind Text Search Server for DB2 for i is vulnerable to arbitrary code execution (CVE-2021-4104), which you can read all about at this link.

The patches for each release are described in full here:

OmniFind V1R5M0:
- SI78753
- SI78754
- SI78755
OmniFind V1R4M0
- SI78756
- SI78757
- SI78758
OmniFind V1R3M0
- SI78751
- SI78759
- SI78760
- SI78761
To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion …
Read more
Log4j Security Hole Found In OmniFind Text Search Server

March 14, 2022 Timothy Prickett Morgan

Who would have thought that a logging utility written in Java and available for more than two decades could cause so much trouble? But that is the nature of the Log4j security vulnerability, which has been installed in all kinds of systems software and which had a Log4Shell vulnerability that was discovered by Chinese computing giant Alibaba on November 24 last year and that was revealed to the world on December 9 as a zero-day vulnerability.

There are several areas of the IBM i software stack that use the Log4j logging utility, which is one of the many Apache open …
Read more
IBM i PTF Guide, Volume 24, Number 10

March 7, 2022 Doug Bidwell

This week, there are a bunch of security bulletins about yet more new vulnerabilities, this time in the HTTP Server and the Samba Windows file server clone that are embedded in the IBM i operating system. There is also a partial mitigation against Log4j/Log4Shell vulnerabilities, and you may get a laugh or a cry out of this one. Maybe both. OK, probably both. Let’s go through them all.

First, there is Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224, which you can read about here at this link. With this vulnerability, the Apache …
Read more
IBM i PTF Guide, Volume 24, Number 9

February 28, 2022 Doug Bidwell

Welcome to this week’s edition of the IBM i PTF Guide, and we start off with this notice from the support people at IBM, which indicates that a HIPER PTF patch may include longer Abnormal IPL times during C9002C20 SNADS recovery. We also wanted to point out that we have added two new tabs to the Guide, QMGtools and ACS-Navigator for i. These are links we have found when troubleshooting and are useful for a more global look at those products.

Here is the rundown of PTF Groups by IBM i release level since we last published: …
Read more
IBM i PTF Guide, Volume 24, Number 8

February 23, 2022 Doug Bidwell

Wake up! There is a new security vulnerability in the Java stack within IBM i. See Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-234, which you can read at this link. The IBM i Group PTF numbers containing the fix for the CVE follows. Future Group PTFs for Java will also contain the fix for this CVE:
- Release 7.4: SF99665 level 13
- Release 7.3: SF99725 level 24
- Release 7.2: SF99716 level 34
To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion to the …
Read more
IBM i PTF Guide, Volume 24, Number 7

February 16, 2022 Doug Bidwell

To help you deal with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion to the IBM i PTF Guide that has the latest information on what you need to worry about and do about it when it comes to this vulnerability.

You can down the Log4j spreadsheet at this link.

And just a reminder that there is a new version of Navigator for i, which you can find out more about at this link. This modern user interface can be accessed from http://hostname:2002/Navigator.

Here is the rundown of PTF Groups by IBM i …
Read more
IBM i PTF Guide, Volume 24, Number 6

February 9, 2022 Doug Bidwell

Hey, guess what? There are no new Security Bulletins this week (at least as of when we are going to press) and there are no new known security vulnerabilities for any part of the software stack of the IBM i platform. We doubt very much that Windows Server can ever say the same thing, and even Linux, which is the only volume operating system that matters, usually has something going on because, like IBM i and Windows Server, it is more than a kernel but a complete set of thousands of programs and tens of millions of lines of code. …
Read more
IBM i PTF Guide, Volume 24, Number 5

February 2, 2022 Doug Bidwell

Another week, another security vulnerability. This time, there is one in the Db2 stack for IBM i. Specifically, we present to you Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225, which you can read in full at this link. As the Db2 Mirror database clustering technology is only available on IBM i 7.4, this is the only IBM i release that is affected.

The IBM i Group PTF number containing the fix for this vulnerability follows: Release 7.4 – SF99668 level 17.

Just a reminder that there is a new …
Read more

Previous Articles Next Articles

Content archive

Recent Posts

Subscribe

Pages

Search