• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • IBM i PTF Guide, Volume 24, Number 9

    February 28, 2022 Doug Bidwell

    Welcome to this week’s edition of the IBM i PTF Guide, and we start off with this notice from the support people at IBM, which indicates that a HIPER PTF patch may include longer Abnormal IPL times during C9002C20 SNADS recovery. We also wanted to point out that we have added two new tabs to the Guide, QMGtools and ACS-Navigator for i. These are links we have found when troubleshooting and are useful for a more global look at those products.

    Here is the rundown of PTF Groups by IBM i release level since we last published: …

    Read more
  • IBM i PTF Guide, Volume 24, Number 8

    February 23, 2022 Doug Bidwell

    Wake up! There is a new security vulnerability in the Java stack within IBM i. See Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-234, which you can read at this link. The IBM i Group PTF numbers containing the fix for the CVE follows. Future Group PTFs for Java will also contain the fix for this CVE:

    • Release 7.4: SF99665 level 13
    • Release 7.3: SF99725 level 24
    • Release 7.2: SF99716 level 34

    To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion to the …

    Read more
  • IBM i PTF Guide, Volume 24, Number 7

    February 16, 2022 Doug Bidwell

    To help you deal with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion to the IBM i PTF Guide that has the latest information on what you need to worry about and do about it when it comes to this vulnerability.

    You can down the Log4j spreadsheet at this link.

    And just a reminder that there is a new version of Navigator for i, which you can find out more about at this link. This modern user interface can be accessed from http://hostname:2002/Navigator.

    Here is the rundown of PTF Groups by IBM i …

    Read more
  • IBM i PTF Guide, Volume 24, Number 6

    February 9, 2022 Doug Bidwell

    Hey, guess what? There are no new Security Bulletins this week (at least as of when we are going to press) and there are no new known security vulnerabilities for any part of the software stack of the IBM i platform. We doubt very much that Windows Server can ever say the same thing, and even Linux, which is the only volume operating system that matters, usually has something going on because, like IBM i and Windows Server, it is more than a kernel but a complete set of thousands of programs and tens of millions of lines of code. …

    Read more
  • IBM i PTF Guide, Volume 24, Number 5

    February 2, 2022 Doug Bidwell

    Another week, another security vulnerability. This time, there is one in the Db2 stack for IBM i. Specifically, we present to you Security Bulletin: IBM Db2 Mirror for i is vulnerable to denial of service due to gson 217225, which you can read in full at this link. As the Db2 Mirror database clustering technology is only available on IBM i 7.4, this is the only IBM i release that is affected.

    The IBM i Group PTF number containing the fix for this vulnerability follows: Release 7.4 – SF99668 level 17.

    Just a reminder that there is a new …

    Read more
  • IBM i PTF Guide, Volume 24, Number 4

    January 26, 2022 Doug Bidwell

    A new Oracle JCE Code Signing CA was recently implemented in the IBM JDK to resolve APAR IJ26310. Specifically, this is related to IBM JDK 8.0 SR6 FP25, JDK 7.1 SR4 FP75, and JDK 7.0 SR10 FP75, whereby Java applications running on the IBM i operating system might encounter the error messages “JCE is not installed properly” or “JCE cannot authenticate the provider XX” or “xyz.jar is not signed by a trusted signer” after upgrading to the following IBM i Java Group PTF level or newer.

    The following IBM i Java Group PTF levels install 8.0 SR6 FP25.

    • Release 7.1:
    …

    Read more
  • Some Good Advice About Log4j Mitigation Gotchas

    January 24, 2022 Timothy Prickett Morgan

    The Apache Log4j logging utility written in Java and available since the end of the Dot Com Boom in early 2001, has been installed far and wide into many systems and systems software packages in the more than two decades it has been available. And that is why the zero-day security vulnerability discovered by Chinese computing giant Alibaba on November 24 last year and revealed on December 9 has caused so much concern.

    Log4j is everywhere and that means the Log4Shell vulnerability that Alibaba described makes it particularly scary. But before we get into some of the mitigation advice that …

    Read more
  • IBM i PTF Guide, Volume 24, Number 3

    January 19, 2022 Doug Bidwell

    Another new security bulletin in this week’s edition of the IBM i PTF Guide. The IBM i Extended Dynamic Remote SQL server (EDRSQL) is affected by CVE-2021-39056, which could allow a remote authenticated user to send a specially crafted request and cause a denial of service. Learn more details and find out how to resolve at this link.

    The IBM i PTF numbers containing the fix for the CVE are:

    • Release 7.4 – SI77996
    • Release 7.3 – SI77995
    • Release 7.2 – SI78002
    • Release 7.1 – SI78040

    Here is the rundown of PTF Groups by IBM i release level:

    PTF …

    Read more
  • IBM i PTF Guide, Volume 24, Number 2

    January 12, 2022 Doug Bidwell

    The Log4j and Log4Shell saga continues here in the second edition of the IBM i PTF Guide in 2022, which is a fast follower to the one we published just two days ago. IBM has issued a new Security Bulletin, explaining that IBM i components are affected by CVE-2021-4104 (Log4j version 1.X), and the full details about the security exposure and mitigation techniques can be found at this link.

    Here are the affected products and their versions:

    • IBM Navigator for i (heritage version only): IBM i 7.4, 7.3, and 7.2 – the heritage version
    • Integrated Web Services Server (IWS):
    …

    Read more
  • IBM i PTF Guide, Volume 24, Number 1

    January 10, 2022 Doug Bidwell

    While we were away on holiday, the Log4J and Log4Shell vulnerabilities hit the enterprise systems of the world, including the IBM i platform. So right off the bat here with the first edition of The IBM i PTF Guide in 2022, we want to point you to Big Blue’s Log4j/Log4Shell on IBM i update, which will help you figure out if you are vulnerable. See more at this link.

    Here are the Security Bulletins for this:

    Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC V9

    Security Bulletin: Vulnerability in Apache Log4j (CVE-2021-44228) affects Power HMC V8

    Security …

    Read more

Previous Articles Next Articles

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • IBM i 7.3 TR12: The Non-TR Tech Refresh
  • IBM i Integration Elevates Operational Query and Analytics
  • Simplified IBM i Stack Bundling Ahead Of Subscription Pricing
  • More Price Hikes From IBM, Now For High End Storage
  • Big Blue Readies Power10 And IBM i 7.5 Training for Partners
  • IBM Delivers More Out-of-the-Box Security with IBM i 7.5
  • Groundhog Day For Malware
  • IBM i Community Reacts to IBM i 7.5
  • Four Hundred Monitor, May 11
  • IBM i PTF Guide, Volume 24, Number 19

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2022 IT Jungle