• The Four Hundred
  • IBM i PTF Guide, Volume 25, Number 22

    June 5, 2023 Doug Bidwell

    Welcome back after the Memorial Day holiday, and our thanks to all who have served and who currently serve.

    There is a slew of security issues that you need to deal with on the IBM i platform. So let’s get to it.

    First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to exposing sensitive information due to flaws and configurations (CVE-2023-30441), which you can find out more about here. The vulnerability can be fixed by applying the latest Java Group PTF. Releases 7.5, 7.4, 7.3, and 7.2 of IBM i will …

  • Update On Critical Security Vulnerability In PowerVM

    May 24, 2023 Timothy Prickett Morgan

    Earlier this week, we told you about a very serious security vulnerability in the PowerVM hypervisor when running on Power9 and Power10 systems. IBM found the vulnerability itself and immediately set about to patch the vulnerability, which it revealed on May 17 along with patches to firmware in systems that are managed by the Hardware Management Console, or HMC.

    What was not necessarily apparent was that there are plenty of Power Systems customers who do not have HMCs managing their systems and the logical partitions upon them, and this is particularly true of the IBM i installed base, which …

  • IBM i PTF Guide, Volume 25, Number 21

    May 22, 2023 Doug Bidwell

    As we report elsewhere in this week’s edition of The Four Hundred, there is a critical security vulnerability in the PowerVM hypervisor when it is running on Power9 and Power10 systems.

    This HIPER/Pervasive patch is described as fixing this: An internally discovered vulnerability in PowerVM on Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server.

    The Common Vulnerability and Exposure …

  • IBM i PTF Guide, Volume 25, Number 19

    May 8, 2023 Doug Bidwell

    There are new cumulative updates this week, and a couple of security vulnerabilities that you need to be aware of, which we cover along with the normal PTF updates and defective PTF rundown that we do every week. Let’s start, as we often do, with the vulnerabilities.

    First, we have Security Bulletin: IBM WebSphere Application Server Liberty for IBM i, which is vulnerable to a server-side request forgery, a denial of service, an attacker obtaining sensitive information, and gaining elevated privileges due to multiple vulnerabilities. You can find out more at this link. The issues can be fixed …

  • IBM i PTF Guide, Volume 25, Number 18

    May 1, 2023 Doug Bidwell

    A new week, a new security vulnerability in the IBM i platform. This time around, we have Security Bulletin: Vulnerability in libtasn1 (CVE-2021-46848) affects Power HMC, which you can read more about at this link. The affected products and versions are: HMC V10.1.1010.0, HMC V10.2.1030.0, and HMC V9.2.950.0. The remediation/fixes for the vulnerability are:

    Product     VRMF                      APAR      Remediation/Fix
    Power HMC   V9.2.950.0 SP3 ppc        MB04397   MH01954
    Power HMC   V9.2.950.0 SP3 x86        MB04396   MH01953
    Power HMC   V10.1.1020.0 SP1 ppc      MB04388   MF70701
    Power HMC   V10.1.1020.0 SP1 x86      MB04387   MF70700
    Power HMC   V10.2.1030.0 ppc          MB04401   MF70890
    Power HMC   V10.2.1030.0 SP1 x86      MB04400   MF70889
    
    …

  • IBM i PTF Guide, Volume 25, Number 17

    April 24, 2023 Doug Bidwell

    There are a lot of PTFs that you need to be aware of this week, but before we get into them, there are two security vulnerabilities, one affecting the IBM i platform’s integrated Apache Web server and the other affecting the combination of IBM i Access Client Solutions and the IBM Toolbox for Java. Let’s get into the security bulletins to start.

    First, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP response splitting and denial of service attacks (CVE-2022-37436, CVE-2006-20001), which you can find out more about at this link …

  • IBM i PTF Guide, Volume 25, Number 16

    April 17, 2023 Doug Bidwell

    In a rare occurrence, there are no updates to the PTF Groups for the currently supported releases – IBM i 7.5, IBM i 7.4, and IBM i 7.3 – but there sure are a whole bunch of security vulnerabilities that IBM i shops have to deal with.

    First, there are two of them dealing with WebSphere Application Server Liberty. There is PH50863: IBM WebSphere Application Server Liberty is vulnerable to a denial of service, which you can find out more about here and which deals with CVE-2023-24998 (CVSS 7.5). Then there is PH52739: IBM WebSphere Application Server Liberty is vulnerable to a privilege …

  • IBM i PTF Guide, Volume 25, Number 15

    April 10, 2023 Doug Bidwell

    It is Spring Break in a lot of places, and also Easter and Passover as we go to press, and so it is not at all surprising that there is not a lot of activity in the IBM i PTF Guide this week. We took the opportunity to retire the 7.2 worksheet; check the archives and DLB_PTF_04/01/23_B25N14.XLS for the last worksheet. Any changes to V7R2 going forward will be detailed here instead of the Guide.

    There are High Impact/Pervasive tweaks for all currently supported releases – IBM i 7.5, IBM i 7.4, and IBM i 7.3 – and a fix list …

  • IBM i PTF Guide, Volume 25, Number 14

    April 3, 2023 Doug Bidwell

    The IBM i 7.4 Technology Refresh 8 marker PTF is out, and we see it in HTTP Server Group 26. Nothing special so far, just the indication that it is out, but nothing on 7.3 or 7.5 groups, yet – only 7.4. Thank you, Jozef in New Zealand, for catching that, and sharing it! The Four Hundred collective thinks the IBM i TRs might be coming on April 11, but that has not been confirmed by Big Blue as yet.

    We mostly suspect this will happen because that is when ITJ Editor Alex Woodie scheduled a trip to Hawaii with …

  • IBM i PTF Guide, Volume 25, Number 13

    March 27, 2023 Doug Bidwell

    This week, the IBM i community has to take a look at two new security vulnerabilities. There are PTF updates for IBM Navigator for i that you need to look at. The updated details for the PTFs for Navigator for i are in the link in the ACS_NAV worksheet. And there is also a defective PTF you probably need to take a look at, too.

    Now, on to the security vulnerabilities.

    First, there is Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283), which you can find out more about here. For …

Copyright © 2025 IT Jungle