OpenSSL Archives - IT Jungle

Samba Patch Caps Busy Year for IBM i Security

December 4, 2019 Alex Woodie

IBM last week patched a moderately severe security flaw in IBM i’s Samba implementation that could enable hackers to access data they really shouldn’t be able to access. The disclosure caps a rather busy second half of the year for security patches on IBM i that saw 26 emergency PTFs and Yum updates for Node.js, Python, the Apache HTTP Server, OpenSSL, ISC Bind, IBM Navigator, and even Db2 Mirror for IBM i.

On November 26, IBM issued this security bulletin to let people know about the new flaw in the Samba client. The flaw could allow a hacker to not …
Read more
What’s New With IBM i Customer Support

September 25, 2019 Alex Woodie

IBM is making big changes to its support program that will have a major impact on how IBM i customers interact with Big Blue, for both software and hardware support. Two weeks ago it announced that IBM i customers would be switched over from the old IBM Service Request tool to the new IBM My Support site. IBM is also expanding support for open source software on IBM i.

IBM has been testing the new IBM Support site, www.ibm.com/mysupport, for over a year for various customer groups and geographies. On September 14, the company announced that it was cutting …
Read more
IBM Patches Privilege Escalation Flaw In Db2 Mirror

September 18, 2019 Alex Woodie

Much of the Western World may take August off, but apparently not hackers and other off-book computer enthusiasts, as IBM addressed several security problems across its IBM i software family last month. The list of security flaws include a privilege escalation flaw in Db2 Mirror and OpenSSL and BIND vulnerabilities in IBM i itself. Power Systems firmware and Sterling data integration products also saw patches.

The lowlight of the month’s security news arguably goes to Db2 Mirror, the new database clustering technology that IBM released in June with the delivery of IBM i 7.4. The software is designed to provide …
Read more
IBM i PTF Guide, Volume 21, Number 35

September 9, 2019 Doug Bidwell

Good people of IBM i Land, in this latest edition of the IBM i PTF Guide you will see that there are new HIPERs and Security groups for all four of the operating system releases. If you are on V7R1, please read the HIPER cover letter – there are over 100 fixes that are not on the cume and lots of dependencies. Please read and heed! And note that the PTFs for vulnerabilities below are not in this new Security group!

There is a new DB2 for IBM i group for version 7.2, and a new version of MGTools …
Read more
IBM Patches New Security Flaws in Java, OpenSSL

April 3, 2019 Alex Woodie

IBM this week patched a series of flaws in IBM i’s Java environment, including a pair of very serious problems in the OpenJ9 runtime that could allow remote attackers to execute arbitrary code, in addition to a series of less-severe Java vulnerabilities. The company also fixed a new flaw found in IBM i’s OpenSSL implementation.

A total of seven Java flaws that impact IBM i versions 7.1 through 7.3 were addressed with one security bulletin issued by IBM on March 29. IBM issued Group PTFs for each release of the operating system to address them. A single OpenSSL flaw also …
Read more
IBM i PTF Guide, Volume 21, Number 13

April 3, 2019 Doug Bidwell

This week in the IBM i PTF Guide, we are obsessing about security. There is a security bulletin out that explains that there are multiple vulnerabilities in IBM Java SDK and IBM Java Runtime that affect IBM i. There is consequently a new Java Group for all three releases – IBM i 7.1, IBM i 7.2, and IBM i 7.3. See this link for further details.

There is also a separate security bulletin, CVE-2018-14647, relating to Python that affects IBM i, and this affects all three currently supported releases as well. See this link for the scoop. For Python 2.7 …
Read more
IBM Patches Security Flaws In IBM i

September 12, 2018 Alex Woodie

IBM last week shared details of two new OpenSSL vulnerabilities that are impacting all supported versions of IBM i. That came on the heels of two more vulnerabilities that were disclosed last month in IBM i’s Python implementation and the HTTP Server. All of the flaws have been patched by IBM.

IBM i 7.1, 7.2, and 7.3 are impacted by the pair of OpenSSL vulnerabilities disclosed by IBM on August 30. Neither of the flaws, which include CVE-2018-0732 and CVE-2018-0737, are particularly nasty, but they do open gaps in the platform’s security apparatus just the same, so it’s important to …
Read more
Multiple Security Vulnerabilities Reported In IBM i

April 30, 2018 Alex Woodie

IBM this month revealed an array of security vulnerabilities across IBM i middleware components, including OpenSSL, DHCP, and Java products. Most of the flaws were given a “high severity” rating, and all of them have been patched.

This week’s security fun starts with DHCP (Dynamic Host Configuration Protocol), which is used to automate the management and distribution of IP addresses within a network. According to the April 26 IBM security bulletin, IBM i 7.1, 7.2, and 7.3 are vulnerable to a pair of security vulnerabilities in the underlying DHCP protocol.

The first DHCP flaw, which is identified as CVE-2018-5732 …
Read more
2017: An IBM i Year In Review

December 13, 2017 Alex Woodie

It’s mid-December, which means it’s time to look back upon 2017 and reminisce on the biggest stories of the year for IBM i and the overall midrange community. From a pair of Technology Refreshes and the scheduled demise of IBM i 7.1 to acquisitions and security breaches, there was a lot to take in.

It all started off innocently enough in…

January

IBM has had a good run of not changing the name of the platform. In fact, it hadn’t changed the name since 2008, giving it a line of uninterrupted starts that even Giants quarterback Eli Manning could appreciate. …
Read more
Security Awareness: Eight More Patches For IBM i Vulns

February 27, 2017 Alex Woodie

National security awareness month isn’t until October, but that didn’t stop IBM from issuing a torrent of patches this month to address all kinds of security problems in its products. For IBM i specifically, Big Blue patched eight flaws found across the OpenSSH and OpenSSL libraries for the three IBM i OSes under support. The Power HMC also received numerous security patches, as did dozens of other IBM products.

OpenSSL and OpenSSH have been the source of numerous security vulnerabilities over the past three years, ever since the Heartbleed flaw was found in OpenSSL. As more flaws are found in …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

January

Content archive

Recent Posts

Subscribe

Pages

Search