IBM Java Runtime for IBM i Archives

IBM i PTF Guide, Volume 25, Number 7

February 13, 2023 Doug Bidwell

This week brought more security vulnerabilities in the airspace above us, and also around the world with weird sightings in the United States, Canada, China, and Russia. Now we have security vulnerabilities in open source code that is part of the IBM i stack.

First, we have a Security Bulletin. IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to bypassing security restrictions, denial of service attacks, and data integrity impacts due to multiple vulnerabilities, which you can find out more about at this link. There are fixes as shown below by IBM i release and …
Read more
OpenSSL Flaw No ‘Heartbleed,’ But Other New Vulns Detected

November 2, 2022 Alex Woodie

The cybersecurity world has been sitting on pins and needles for the past 48 hours, ever since news of a potentially devastating new flaw in OpenSSL started to leak out early Monday morning. That flaw turned out to be not as bad as initially feared, but that shouldn’t stop IBM i shops from patching other recent flaws, including some pretty serious ones in WebSphere Liberty, Java, the CCA, and Zlib.

News started to emerge earlier this week of a critical OpenSSL flaw that required the utmost attention. The flaw could be a concern for just about everybody, including IBM, …
Read more
IBM i PTF Guide, Volume 24, Number 33

August 15, 2022 Doug Bidwell

First up, IBM has tweaked its temporary additional use policy for Power Systems software for migrations to Power E1080, Power E1050, and Power S1024 servers. You can read about it here.

Here is the significance of this. When you do an upgrade, you get 70 days from install to use the systems software for free. That can be extended once for 40 days, and then that can be extended again, once, for 3 days. After that, you have to beg for more if you need more time to do the upgrade. IBM doesn’t care about partitions, it’s the host …
Read more
Multiple Security Vulnerabilities Patched on IBM i

June 22, 2022 Alex Woodie

In recent weeks, IBM has disclosed a handful of vulnerabilities in its IBM i operating system and related IBM i products, including Db2 Mirror, WebSphere, Navigator for i, the Java development and runtime tools, and OmniFind Text Search Server. IBM has shipped PTFs for the security problems, which range in severity from medium to high.

IBM warned of security holes in the HTTP Server (the one powered by Apache) in a June 13 security bulletin. The flaws, identified as CVE-2022-22720 and CVE-2022-22721, carry the risk of a HTTP request smuggling that could poison the Web cache, bypass firewalls, and …
Read more
IBM i PTF Guide, Volume 24, Number 8

February 23, 2022 Doug Bidwell

Wake up! There is a new security vulnerability in the Java stack within IBM i. See Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-234, which you can read at this link. The IBM i Group PTF numbers containing the fix for the CVE follows. Future Group PTFs for Java will also contain the fix for this CVE:
- Release 7.4: SF99665 level 13
- Release 7.3: SF99725 level 24
- Release 7.2: SF99716 level 34
To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion to the …
Read more
IBM i PTF Guide, Volume 23, Number 43

October 27, 2021 Doug Bidwell

It’s time for another security alert. Check out Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-2369 and CVE-2021-2432, which you can see at this link. Here are the patches by release:
- Release 7.4 – SF99665 level 12
- Release 7.3 – SF99725 level 23
- Release 7.2 – SF99716 level 33
- Release 7.1 – SF99572 level 47
Here is the rundown of PTF Groups by IBM i release level:

PTF Groups 7.4:
- HIPERs (High Impact/Pervasive)
- Backup Recovery Solutions
PTF Groups 7.3:
- Backup Recovery Solutions
PTF Groups 7.2:
- Backup Recovery Solutions
PTF Groups 7.1: …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

IBM i PTF Guide, Volume 25, Number 7

OpenSSL Flaw No ‘Heartbleed,’ But Other New Vulns Detected

IBM i PTF Guide, Volume 24, Number 33

Multiple Security Vulnerabilities Patched on IBM i

IBM i PTF Guide, Volume 24, Number 8

IBM i PTF Guide, Volume 23, Number 43

Content archive

Recent Posts

Subscribe

Pages

Search