• OpenSSL Flaw No ‘Heartbleed,’ But Other New Vulns Detected

  November 2, 2022 Alex Woodie

  The cybersecurity world has been sitting on pins and needles for the past 48 hours, ever since news of a potentially devastating new flaw in OpenSSL started to leak out early Monday morning. That flaw turned out to be not as bad as initially feared, but that shouldn’t stop IBM i shops from patching other recent flaws, including some pretty serious ones in WebSphere Liberty, Java, the CCA, and Zlib.

  News started to emerge earlier this week of a critical OpenSSL flaw that required the utmost attention. The flaw could be a concern for just about everybody, including IBM, …

  Read more

• IBM i PTF Guide, Volume 24, Number 31

  August 3, 2022 Doug Bidwell

  As often happens with systems software these days, there are a bunch of new security vulnerabilities with the IBM i stack that you need to be aware of.

  First, there is Security Bulletin: OpenSSL for IBM i is vulnerable to arbitrary command execution (CVE-2022-2068), which you can find out more about at this link. The IBM i PTF numbers contain the fix for the vulnerability:

  IBM i Release	5733-SC1	PTF Number
  7.5		SI80588
  		7.4, 7.3, 7.2	SI80587
  

  Then there is Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476), which you can find out more …

  Read more

• More IBM i Security Flaws Revealed

  July 13, 2022 Alex Woodie

  The summer slowdown might have started in your particular business, but things are just getting warmed up IBM security researchers, who disclosed a series of new vulnerabilities across IBM i products over the past couple of weeks, including IBM i Merlin, WAS Liberty, OpenSSL, the Digital Certificate Manager, and Zlib.

  On June 27, IBM disclosed that the collection of open source and proprietary tools and technology it’s brought together as IBM i Modernization Engine for Lifecycle Integration (Merlin) suffers from no fewer than 16 separate security flaws.

  Among the most series of these flaws is a CVE-2022-22965, a data binding …

  Read more

• IBM i PTF Guide, Volume 24, Number 17

  April 27, 2022 Doug Bidwell

  It was a pretty quiet week in PTF Land, which stands to reason given the various holidays and the Spring Break that a lot of people had last week. It probably won’t last long, so take the downtime while you have it. There is stuff you need to deal with, of course.

  One reminder: A new build for Access Client Services (ACS) 1.1.9.0 is available for download (2170).

  Here is the rundown of PTF Groups by IBM i release level since we last published:

  PTF Groups 7.4:

  • HIPERs
  • Security
  • Backup Recovery Solutions
  • TCP/IP
  • QMGTOOLS

  PTF Groups 7.3:

  • HIPERs
  • Security
  • Backup

  …

  Read more

• No Plan To Support New Nav on Older IBM i Releases, IBM Says

  January 19, 2022 Alex Woodie

  IBM has no plans to support the new version of Navigator for i (i.e., “New Nav”) with older releases of the operating system, despite the existence of the severe Log4j security flaw in the heritage version of Navigator (“Old Nav”). The early, unexpected death of Old Nav also will hasten the adoption of New Nav for customers on current releases, and New Nav will become the default version with an update in March, IBM says.

  Earlier this month, IBM announced that no security patches would be forthcoming for Old Nav, which uses the Log4j code at the heart of a …

  Read more

• IBM Patches Nine Security Flaws in IBM i

  September 29, 2021 Alex Woodie

  IBM patched issued three security bulletins Friday alerting IBM i users to the availability of patches for nine newly disclosed security vulnerabilities in OpenSSL, HTTP Server, and a WebSphere Liberty components. Some of the vulnerabilities are potentially serious and should be patched immediately.

  IBM patched two security flaws its OpenSSL API that potentially could have devastating consequences on impacted systems, including enabling a hacker to take over the server, to read sensitive information, and execute a denial of service (DOS) attack. IBM patched these flaws in IBM i 7.1 through 7.4, according to the security bulletin, which you can read …

  Read more

• Calling All IBM i Platforms. . .

  August 16, 2021 Daniel Magid

  In a microservices world, all elements of what used to be monolithic application programs are now chunks of code linked to each other using any number of application programming interfaces, or APIs. Those APIs can be based on a remote procedure call, or RPC, architecture, which is a kind of generic distributed client/server approach, or the REST – short for representational state transfer – architecture favored by parts of the commercial Web software stack that has dramatically grown in popularity in the past two decades. Either way – and in fact, there are more than two ways – APIs are …

  Read more

• Keeping Up With Open Source Security Updates

  May 26, 2021 Alex Woodie

  Open source is a source of technological innovation on IBM i, in multiple respects. But it also opens the platform up to additional security vulnerabilities. That’s why it’s important to stay on top of security patches, for the core operating system as well as the open source technologies that are helping to transform it.

  IBM does a good job of keeping up with security vulnerabilities are found in the operating system as well as the multitude of open source technologies that are included with it. In the last five weeks, IBM has issued several security bulletins for core open source …

  Read more

• What’s New In Open Source With The Latest TRs

  April 27, 2020 Alex Woodie

  New technology is exciting. And when it can help you run your business more profitably or efficiently, well, it becomes very exciting. With IBM i, the open source community is arguably the biggest contributor of new technology to the platform. IT Jungle recently checked in Jesse Gorzinski, the IBM i open source architect, to hear how the open source story has improved with the recent technology refreshes.

  Arguably the biggest open source-related enhancement with IBM i 7.4 TR2 and 7.3 TR8 revolves around a change in RPM, the new delivery method that IBM adopted two years ago to distribute new …

  Read more

• Samba Patch Caps Busy Year for IBM i Security

  December 4, 2019 Alex Woodie

  IBM last week patched a moderately severe security flaw in IBM i’s Samba implementation that could enable hackers to access data they really shouldn’t be able to access. The disclosure caps a rather busy second half of the year for security patches on IBM i that saw 26 emergency PTFs and Yum updates for Node.js, Python, the Apache HTTP Server, OpenSSL, ISC Bind, IBM Navigator, and even Db2 Mirror for IBM i.

  On November 26, IBM issued this security bulletin to let people know about the new flaw in the Samba client. The flaw could allow a hacker to not …

  Read more

Previous Articles