• IBM Patches Privilege Escalation Flaw In Db2 Mirror

  September 18, 2019 Alex Woodie

  Much of the Western World may take August off, but apparently not hackers and other off-book computer enthusiasts, as IBM addressed several security problems across its IBM i software family last month. The list of security flaws include a privilege escalation flaw in Db2 Mirror and OpenSSL and BIND vulnerabilities in IBM i itself. Power Systems firmware and Sterling data integration products also saw patches.

  The lowlight of the month’s security news arguably goes to Db2 Mirror, the new database clustering technology that IBM released in June with the delivery of IBM i 7.4. The software is designed to provide …

  Read more

• IBM i PTF Guide, Volume 21, Number 35

  September 9, 2019 Doug Bidwell

  Good people of IBM i Land, in this latest edition of the IBM i PTF Guide you will see that there are new HIPERs and Security groups for all four of the operating system releases. If you are on V7R1, please read the HIPER cover letter – there are over 100 fixes that are not on the cume and lots of dependencies. Please read and heed! And note that the PTFs for vulnerabilities below are not in this new Security group!

  There is a new DB2 for IBM i group for version 7.2, and a new version of MGTools …

  Read more

• IBM Patches New Security Flaws in Java, OpenSSL

  April 3, 2019 Alex Woodie

  IBM this week patched a series of flaws in IBM i’s Java environment, including a pair of very serious problems in the OpenJ9 runtime that could allow remote attackers to execute arbitrary code, in addition to a series of less-severe Java vulnerabilities. The company also fixed a new flaw found in IBM i’s OpenSSL implementation.

  A total of seven Java flaws that impact IBM i versions 7.1 through 7.3 were addressed with one security bulletin issued by IBM on March 29. IBM issued Group PTFs for each release of the operating system to address them. A single OpenSSL flaw also …

  Read more

• IBM i PTF Guide, Volume 21, Number 13

  April 3, 2019 Doug Bidwell

  This week in the IBM i PTF Guide, we are obsessing about security. There is a security bulletin out that explains that there are multiple vulnerabilities in IBM Java SDK and IBM Java Runtime that affect IBM i. There is consequently a new Java Group for all three releases – IBM i 7.1, IBM i 7.2, and IBM i 7.3. See this link for further details.

  There is also a separate security bulletin, CVE-2018-14647, relating to Python that affects IBM i, and this affects all three currently supported releases as well. See this link for the scoop. For Python 2.7 …

  Read more

• IBM Patches Security Flaws In IBM i

  September 12, 2018 Alex Woodie

  IBM last week shared details of two new OpenSSL vulnerabilities that are impacting all supported versions of IBM i. That came on the heels of two more vulnerabilities that were disclosed last month in IBM i’s Python implementation and the HTTP Server. All of the flaws have been patched by IBM.

  IBM i 7.1, 7.2, and 7.3 are impacted by the pair of OpenSSL vulnerabilities disclosed by IBM on August 30. Neither of the flaws, which include CVE-2018-0732 and CVE-2018-0737, are particularly nasty, but they do open gaps in the platform’s security apparatus just the same, so it’s important to …

  Read more

• Multiple Security Vulnerabilities Reported In IBM i

  April 30, 2018 Alex Woodie

  IBM this month revealed an array of security vulnerabilities across IBM i middleware components, including OpenSSL, DHCP, and Java products. Most of the flaws were given a “high severity” rating, and all of them have been patched.

  This week’s security fun starts with DHCP (Dynamic Host Configuration Protocol), which is used to automate the management and distribution of IP addresses within a network. According to the April 26 IBM security bulletin, IBM i 7.1, 7.2, and 7.3 are vulnerable to a pair of security vulnerabilities in the underlying DHCP protocol.

  The first DHCP flaw, which is identified as CVE-2018-5732 …

  Read more

• 2017: An IBM i Year In Review

  December 13, 2017 Alex Woodie

  It’s mid-December, which means it’s time to look back upon 2017 and reminisce on the biggest stories of the year for IBM i and the overall midrange community. From a pair of Technology Refreshes and the scheduled demise of IBM i 7.1 to acquisitions and security breaches, there was a lot to take in.

  It all started off innocently enough in…

  January

  IBM has had a good run of not changing the name of the platform. In fact, it hadn’t changed the name since 2008, giving it a line of uninterrupted starts that even Giants quarterback Eli Manning could appreciate. …

  Read more

• Security Awareness: Eight More Patches For IBM i Vulns

  February 27, 2017 Alex Woodie

  National security awareness month isn’t until October, but that didn’t stop IBM from issuing a torrent of patches this month to address all kinds of security problems in its products. For IBM i specifically, Big Blue patched eight flaws found across the OpenSSH and OpenSSL libraries for the three IBM i OSes under support. The Power HMC also received numerous security patches, as did dozens of other IBM products.

  OpenSSL and OpenSSH have been the source of numerous security vulnerabilities over the past three years, ever since the Heartbleed flaw was found in OpenSSL. As more flaws are found in …

  Read more

Next Articles