Java SDK Archives - IT Jungle

IBM i PTF Guide, Volume 26, Number 19

May 20, 2024 Doug Bidwell

You will need a little time to deal with some security vulnerabilities this week, so set aside some time. There is also a warning about infrastructure changes for electronic fixes from IBM and, for those of you who care, a new release of the IBM MQ message queuing middleware.

You can find out about the new MQ 9.4, which delivers improved cross-platform connectivity, observability, and modernization capabilities, at this link. And as for preparing customer firewalls and proxies for the upcoming infrastructure changes – Call Home, Electronic Fix Distribution – check out this link.

That leaves the three …
Read more
ACS, Merlin Hit With Serious Security Vulnerabilities

December 11, 2023 Alex Woodie

Three serious security vulnerabilities in IBM i Access Client Solutions and six in Merlin were disclosed and patched by IBM last week. The flaws could allow attackers to commit a range of crimes, from executing arbitrary code and denial of service attacks, to obtaining sensitive data on IBM i conducting phishing attacks. All of the flaws – including another three reported by IBM in November – should be patched immediately.

IBM published a security bulletin December 8 covering all three of the ACS flaws, which impact ACS versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3. The fix is to download …
Read more
Keeping Up With Open Source Security Updates

May 26, 2021 Alex Woodie

Open source is a source of technological innovation on IBM i, in multiple respects. But it also opens the platform up to additional security vulnerabilities. That’s why it’s important to stay on top of security patches, for the core operating system as well as the open source technologies that are helping to transform it.

IBM does a good job of keeping up with security vulnerabilities are found in the operating system as well as the multitude of open source technologies that are included with it. In the last five weeks, IBM has issued several security bulletins for core open source …
Read more
IBM i PTF Guide, Volume 22, Number 5

February 3, 2020 Doug Bidwell

Another day, another dollar. Another week, another batch of PTF patches for the IBM i stack.

So here is what has gone down. There are multiple vulnerabilities in the IBM Java SDK and the IBM Java Runtime that affect the IBM i platform. Fixes for the vulnerabilities are contained in current Java PTF group for all four releases. IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed versions of affected products.

Here is the rundown of the patches this week, by release.

PTF Groups 7.4:
- HIPERs (High Impact/Pervasive)
- SAP Support Required PTF List
…
Read more
IBM i PTF Guide, Volume 21, Number 13

April 3, 2019 Doug Bidwell

This week in the IBM i PTF Guide, we are obsessing about security. There is a security bulletin out that explains that there are multiple vulnerabilities in IBM Java SDK and IBM Java Runtime that affect IBM i. There is consequently a new Java Group for all three releases – IBM i 7.1, IBM i 7.2, and IBM i 7.3. See this link for further details.

There is also a separate security bulletin, CVE-2018-14647, relating to Python that affects IBM i, and this affects all three currently supported releases as well. See this link for the scoop. For Python 2.7 …
Read more
IBM i Vulns Spotted in Node, BIND and HTTP Server

September 6, 2017 Alex Woodie

IBM last month moved to patch several critical security vulnerabilities related to the BIND service in IBM i that could allow attackers unauthorized access to IBM i servers running any release of the OS from IBM 6.1 to 7.3. Security glitches were also patched for the IBM i implementation of Node.js, the HTTP Server bundled with IBM i, the hardware management console (HMC), and WebSphere.

Both ISC BIND vulnerabilities work in a similar way and enabled similar paths into affected systems – namely by allowing an attacker to craft a specially crafted request packet to bypass authentication and therefore gain …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

IBM i PTF Guide, Volume 26, Number 19

ACS, Merlin Hit With Serious Security Vulnerabilities

Keeping Up With Open Source Security Updates

IBM i PTF Guide, Volume 22, Number 5

IBM i PTF Guide, Volume 21, Number 13

IBM i Vulns Spotted in Node, BIND and HTTP Server

Content archive

Recent Posts

Subscribe

Pages

Search