• IBM i PTF Guide, Volume 27, Number 7

  February 17, 2025 Doug Bidwell

  How secure you feeling today? Well, IBM i is generally pretty rock solid, but you have to stay on top of the security vulnerabilities. And there are two of them that are new this week.

  First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a partial denial of service and a JNI function returning incorrect value length due to multiple vulnerabilities. You can find out more about this issue at this link, and here are the patches for it:

  IBM i Release                         PTF Group

  7.5                                             SF99955 Level 13

  7.4                                             SF99665 …

  Read more

• IBM i PTF Guide, Volume 26, Number 41

  October 21, 2024 Doug Bidwell

  Don’t get hyper about HIPERs, but there are some issues you need to deal with if you have moved to IBM i 7.5. High Impact / Highly Pervasive (HIPER) Issue Potential undetected data loss can occur on LPARs using NPIV with certain Fibre Channel adapters. Potential undetected data loss can occur on LPARs using NPIV over Fibre Channel adapters with the following Feature Codes:  EN1E/EN1F, EN1G/EN1H, EN1J/EN1K, EN2L/EN2M, and EN2N/EN2P.

  You can read about this HIPER PTF at this link.

  Now, there are also two security vulnerabilities on this week’s To Do list.

  First, we have Security Bulletin: IBM …

  Read more

• IBM i PTF Guide, Volume 26, Number 27

  July 15, 2024 Doug Bidwell

  Get your PTF patching fingers all cracked and stretched because you will be doing some typing this week. There are a three security issues you need to cope with and a slew of patches that run the gamut of subsystems on the platform. As usual, let’s start with the security vulnerabilities.

  First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a denial of service and bypassing security restrictions due to multiple vulnerabilities, which you can find out more about here. The patches for this issue, by IBM i release level, …

  Read more

• IBM i PTF Guide, Volume 26, Number 13

  April 8, 2024 Doug Bidwell

  Three is the magic number, as we all know. This week, there is another trio of vulnerabilities in parts of the IBM i software stack. And all three currently supported IBM i releases all have a slew of group patches as well. Let’s start with the vulnerabilities because these are always important to know about and deal with.

  First, we have Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270), which you can find out more about at this link. The affected products include IBM WebSphere Application Server Liberty, versions 23.0.0.3 through 24.0.0.3 – who …

  Read more

• IBM i PTF Guide, Volume 26, Number 6

  February 12, 2024 Doug Bidwell

  This week we have three new security vulnerabilities, but first we want to remind you that you need to prepare firewalls and proxies for the upcoming infrastructure changes for IBM Call Home, Electronic Fix Distribution. This is considered HIPER by IBM (High Impact/Pervasive), which you can read about here. Public Internet IP addresses are changing for the IBM servers that support Call Home and electronic download of fixes for customer systems’ software, hardware, and operating system. This change pertains to all operating systems and applications connecting to IBM for electronic Call Home and fix download. If you have a …

  Read more

• IBM i PTF Guide, Volume 25, Number 49

  December 6, 2023 Doug Bidwell

  Welcome back to having to worry about security vulnerabilities and PTF patches. This week, there are two security vulnerabilities, a set of patches for IBM i 7.2, and HIPERS for IBM i 7.4 and IBM i 7.5 – among other things. Let’s do the vulnerabilities to start.

  First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a remote attacker causing integrity impacts due to the libraries component (CVE-2023-22049), which you can find out more about here. The IBM i PTF Group numbers contain the fix for the vulnerability. Future PTF …

  Read more

• IBM i PTF Guide, Volume 25, Number 37

  September 18, 2023 Doug Bidwell

  There are a few things you can count on in life. Death. Taxes. Coffee. Beer. The love of a good woman. And a seemingly endless barrage of security vulnerabilities for every computing platform on Earth. There are a bunch of the latter that are new to the IBM i platform this week.

  First, we have Security Bulletin: OpenSSL and OpenSSH for IBM i are vulnerable to arbitrary code execution, denial of service, and security restrictions bypass due to multiple vulnerabilities, which you can find out more about at this link. The IBM i PTF number for 5733-SC1 contains the …

  Read more

• IBM i PTF Guide, Volume 25, Number 35

  September 11, 2023 Doug Bidwell

  We have been on hiatus for a few weeks, and there is a lot of stuff to catch up on. There are a slew of security vulnerabilities and a whole bunch of PTFs for the current releases of IBM i that you need to deal with. Let’s start with the security issues.

  First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts due to multiple vulnerabilities, which you can find out more about at this link. Here are the PTFs for this vulnerability: …

  Read more

• IBM i PTF Guide, Volume 25, Number 22

  June 5, 2023 Doug Bidwell

  Welcome back after the Memorial Day holiday, and our thanks to all who have served and who currently serve.

  There is a slew of security issues that you need to deal with on the IBM i platform. So let’s get to it.

  First, we have Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to exposing sensitive information due to flaws and configurations (CVE-2023-30441), which you can find out more about here. The vulnerability can be fixed by applying the latest Java Group PTF.  Releases 7.5, 7.4, 7.3, and 7.2 of IBM i will …

  Read more

• IBM i PTF Guide, Volume 25, Number 7

  February 13, 2023 Doug Bidwell

  This week brought more security vulnerabilities in the airspace above us, and also around the world with weird sightings in the United States, Canada, China, and Russia. Now we have security vulnerabilities in open source code that is part of the IBM i stack.

  First, we have a Security Bulletin. IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to bypassing security restrictions, denial of service attacks, and data integrity impacts due to multiple vulnerabilities, which you can find out more about at this link. There are fixes as shown below by IBM i release and …

  Read more

Previous Articles