• IBM i PTF Guide, Volume 26, Number 41

  October 21, 2024 Doug Bidwell

  Don’t get hyper about HIPERs, but there are some issues you need to deal with if you have moved to IBM i 7.5. High Impact / Highly Pervasive (HIPER) Issue Potential undetected data loss can occur on LPARs using NPIV with certain Fibre Channel adapters. Potential undetected data loss can occur on LPARs using NPIV over Fibre Channel adapters with the following Feature Codes:  EN1E/EN1F, EN1G/EN1H, EN1J/EN1K, EN2L/EN2M, and EN2N/EN2P.

  You can read about this HIPER PTF at this link.

  Now, there are also two security vulnerabilities on this week’s To Do list.

  First, we have Security Bulletin: IBM …

  Read more

• IBM i PTF Guide, Volume 26, Number 40

  October 14, 2024 Doug Bidwell

  First off this week, there is a security vulnerability for you to deal with in your IBM i systems. Specifically, we have Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM i (CVE-2015-7575), which you can read more about here. IBM i releases 6.1, 7.1. and 7.2 are supported and will be fixed as follows:

  5770-999, 5770-SS1:

  • Release 6.1.1 – MF60292
  • Release 7.1 – SI59229, MF61242, MF60291
  • Release 7.2 – SI59230, MF61243, MF60290

  5770-UME:

  • CIM 1.3: SI59244
  • CIM 1.4: SI59193

  Also, be aware of changes to data upload for IBM Support – Preparing customer firewalls and proxies …

  Read more

• IBM i PTF Guide, Volume 26, Number 39

  October 9, 2024 Doug Bidwell

  Brace yourself, there is lots of stuff going on in PTF Land this week. To begin with, there are three security vulnerabilities.

  First, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities. You can find out more about this vulnerability at this link. The patches are as follows, by release:

  7.5	SJ01738
  	SJ02179
  7.4	SJ01739
  	SJ02177
  7.3	SJ01752
  	SJ02176
  7.2	SJ01751
  	SJ02130
  

  Second, we have Security Bulletin: IBM i (V6.1, 7.1, …

  Read more

• IBM i PTF Guide, Volume 26, Number 38

  October 7, 2024 Doug Bidwell

  There is a hodge podge of stuff that you need to deal with this week when it comes to patching your IBM i system.

  First, there is a security vulnerability. Read all about it in Security Bulletin: Vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-36138), which you can find out more about at this link. The issue can be fixed by loading an interim fix. IBM strongly recommends addressing the vulnerability now by upgrading to Node.js 18.20.4. Please follow Upgrading the Node.js that is used by Cordova or NodeRed …

  Read more

• IBM i PTF Guide, Volume 26, Number 37

  September 23, 2024 Doug Bidwell

  This week, there are recommended fixes for the cryptographic services in the IBM i platform and Big Blue’s own cryptographic co-processors, which run encryption, decryption, and hashing algorithms on outboard compute engines rather than on the Power CPUs at the heart of the system. You can read about the recommended fixes for IBM i 7.2 here and for IBM i 7.3 there. As far as we know, there are not fixes for IBM i 7.4 or IBM i 7.5.

  Here is the rundown of PTF Groups by IBM i release level since we last published:

  PTF Groups 7.5:

  • HIPERs

  …

  Read more

• Summer of IBM i Vulnerabilities

  September 18, 2024 Alex Woodie

  IBM has patched more than two dozen software vulnerabilities in the IBM i stack over the past few months, including flaws in Merlin, MQ, OpenSSH, the Java stack, Db2, Performance Tools, and the HTTP Server (the one powered by Apache). Nine of the security vulnerabilities carry CVSS Base scores of 7 or higher, while one is above 8, making these serious security threats. If you haven’t applied the patches yet, you’re encouraged to do it soon.

  Working backwards from the most recent security bulletins, we start with September 5, when IBM issued patches for three vulnerabilities in Merlin, which officially …

  Read more

• IBM i PTF Guide, Volume 26, Number 36

  September 16, 2024 Doug Bidwell

  The Apache Web server and the WebSphere middleware that runs on top of it are not working together well. We have caught wind of the HTTP Apache Server Failing to Start After WebSphere 9.0 Fixpack Update. ‘HTP8091 HTTP Server post-configuration step failed’ Error in the HTTP Server Joblog, which you can find out more about here. After a WebSphere 9.0 fixpack update is applied, HTTP servers associated with a WebSphere 9.0 server fail to start and throw a “HTP8091 HTTP Server post-configuration step failed” error. Click on link above to see resolution.

  Also, there is a security vulnerability you …

  Read more

• IBM i PTF Guide, Volume 26, Numbers 34 And 35

  September 11, 2024 Timothy Prickett Morgan

  It is not only a relatively quiet time still for PTFs, but it is also Ketchup Week since The Four Hundred has been on a light publishing schedule during the past several weeks of the summer.

  We do have one security vulnerability and a few patches to deal with. First, we have Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities, which you can find out more about here. The affected products include IBM i Modernization Engine for Lifecycle Integration 1.0 through 1.4.8 and 2.0 through 2.0.2.

  Here is the rundown of PTF Groups …

  Read more

• IBM i PTF Guide, Volume 26, Number 32

  August 19, 2024 Doug Bidwell

  You knew that this was not going to last forever. We had a few weeks where there were not any security vulnerabilities in the IBM i stack, and now you have three you need to attend to this week. There are some patches for WebSphere middleware as well.

  Let’s start with the security issues.

  First, we have Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2024 CPU, which you can read all about here. The affected products include:

  Affected Product(s)					Version(s)
  IBM WebSphere Application Server			

  …

  Read more

• IBM i PTF Guide, Volume 26, Number 31

  August 12, 2024 Doug Bidwell

  As we report elsewhere in this issue, the big news this week in IBM Software Land is a new release of Access Client Solutions, which is rolled out as a PTF update for the currently supported releases of the IBM i operating system. Our story is here, and the release notes are there.

  We did not see any new security vulnerabilities, which is always good news.

  Here is the rundown of PTF Groups by IBM i release level since we last published:

  PTF Groups 7.5:

  • IBM i Access Client Solutions V1.1.9.6
  • SAP Support Required PTF List for IBM

  …

  Read more

Previous Articles Next Articles