• Multiple Security Vulnerabilities Patched on IBM i

  June 22, 2022 Alex Woodie

  In recent weeks, IBM has disclosed a handful of vulnerabilities in its IBM i operating system and related IBM i products, including Db2 Mirror, WebSphere, Navigator for i, the Java development and runtime tools, and OmniFind Text Search Server. IBM has shipped PTFs for the security problems, which range in severity from medium to high.

  IBM warned of security holes in the HTTP Server (the one powered by Apache) in a June 13 security bulletin. The flaws, identified as CVE-2022-22720 and CVE-2022-22721, carry the risk of a HTTP request smuggling that could poison the Web cache, bypass firewalls, and …

  Read more

• IBM i PTF Guide, Volume 24, Number 8

  February 23, 2022 Doug Bidwell

  Wake up! There is a new security vulnerability in the Java stack within IBM i. See Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-234, which you can read at this link. The IBM i Group PTF numbers containing the fix for the CVE follows. Future Group PTFs for Java will also contain the fix for this CVE:

  • Release 7.4: SF99665 level 13
  • Release 7.3: SF99725 level 24
  • Release 7.2: SF99716 level 34

  To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion to the …

  Read more

• IBM i PTF Guide, Volume 23, Number 43

  October 27, 2021 Doug Bidwell

  It’s time for another security alert. Check out Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-2369 and CVE-2021-2432, which you can see at this link. Here are the patches by release:

  • Release 7.4 – SF99665 level 12
  • Release 7.3 – SF99725 level 23
  • Release 7.2 – SF99716 level 33
  • Release 7.1 – SF99572 level 47

  Here is the rundown of PTF Groups by IBM i release level:

  PTF Groups 7.4:

  • HIPERs (High Impact/Pervasive)
  • Backup Recovery Solutions

  PTF Groups 7.3:

  • Backup Recovery Solutions

  PTF Groups 7.2:

  • Backup Recovery Solutions

  PTF Groups 7.1: …

  Read more

• IBM i PTF Guide, Volume 23, Number 13

  March 31, 2021 Doug Bidwell

  There is a lot of stuff going on this week. First, there are patches for Db2 Web Query, but only for IBM i 7.3 and IBM i 7.4, and we have to wonder if this will eventually be backported to IBM i 7.2 and maybe even IBM i 7.1 given that release has been given extended extended support and is not available on Power9 in limited form in logical partitions.

  There are also three security issues affecting the IBM i platform, as follows:

  • Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-14803 and

  …

  Read more

• IBM i PTF Guide, Volume 22, Number 40

  October 7, 2020 Doug Bidwell

  Are you feeling vulnerable today? Well, even if you are not, your IBM i system is. There are two security bulletins that relate to Java that are affecting the IBM i platform. Specifically, there was a Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i, which you can see here and Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i is affected by CVE-2020-2590, which you can see there.

  The IBM i Group PTF numbers containing the fix for these CVEs are the latest Java Group PTFs in the IBM …

  Read more

Next Articles