• IBM i PTF Guide, Volume 24, Number 49

  December 7, 2022 Doug Bidwell

  It is another one of those weeks when there are a slew of security vulnerabilities to attend to. Four that we know of, to be precise.

  First, there is Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google protobuf-java (CVE-2022-3171, CVE-2022-3509), which you can read more about at this link. This vulnerability affects IBM WebSphere Application Server Liberty versions 21.0.0.2 through 22.0.0.12.

  Second, there is Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178), …

  Read more

• IBM i PTF Guide, Volume 24, Number 48

  December 5, 2022 Timothy Prickett Morgan

  To start right off, there is a security vulnerability in the Hardware Management Console, so those of you who have larger Power Systems that have their logical partitions managed by this out-of-band controller had better listen up. Specifically, check out Security Bulletin: Vulnerability in Bind (CVE-2021-25219) affects Power HMC, which you can read about more here.

  The fixes for this security vulnerability are as follows:

  Product		VRMF			APAR			Remediation/Fix	
  Power HMC	V9.2.950.0 SP3 ppc	MB04373		MH01944
  Power HMC	V9.2.950.0 SP3 x86	MB04372		MH01943
  Power HMC	V10.1.1020.0 SP1 ppc	MB04363		MF70302
  Power HMC	V10.1.1020.0 SP1 x86	MB04362		MF70301
  

  As we …

  Read more

• IBM i PTF Guide, Volume 24, Number 47

  November 28, 2022 Doug Bidwell

  It is a busy, busy week for the IBM i PTF Guide, folks. So get some coffee. There are a bunch of security vulnerabilities that you need to take a look at, and there are also some recommended fixes that are not included in either the PTF groups or the cumulative PTF updates.

  First, there is Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities, which you can read more about at this link. The fixes for this vulnerability can …

  Read more

• IBM i PTF Guide, Volume 24, Number 46

  November 14, 2022 Doug Bidwell

  This week, you will find much to your surprise that Access Client Solutions 1.1.9.1, which was promised for delivery on December 2 back at the NAViGATE 2022 COMMON conference in St Louis, is out a few weeks early. We saw it available and downloaded it on November 11, which means it is a few weeks early.

  ACS 1.1.9.1 follows on the heels of the 1.1.9.0 release that came out in April 2022, with mitigations for the Log4j security vulnerabilities. We don’t know the full set of enhancements yet, but this IBM i – ACS Updates page at Big Blue …

  Read more

• IBM i PTF Guide, Volume 24, Number 45

  November 7, 2022 Doug Bidwell

  Hello good people of IBM i Land. There’s a security vulnerability you need to take a look at to see if it affects your system, and a whole bunch of PTF patches for all kinds of things. Let’s start with the vulnerability, which you can see in Security Bulletin: Zlib for IBM i is vulnerable to a buffer overflow issue during inflate (CVE-2022-37434) and which you can find out more about here.

  This is not the same vulnerability in Zlib for IBM i that we told you about last week, so don’t think we are a skipping record here. …

  Read more

• OpenSSL Flaw No ‘Heartbleed,’ But Other New Vulns Detected

  November 2, 2022 Alex Woodie

  The cybersecurity world has been sitting on pins and needles for the past 48 hours, ever since news of a potentially devastating new flaw in OpenSSL started to leak out early Monday morning. That flaw turned out to be not as bad as initially feared, but that shouldn’t stop IBM i shops from patching other recent flaws, including some pretty serious ones in WebSphere Liberty, Java, the CCA, and Zlib.

  News started to emerge earlier this week of a critical OpenSSL flaw that required the utmost attention. The flaw could be a concern for just about everybody, including IBM, …

  Read more

• IBM i PTF Guide, Volume 24, Number 44

  October 31, 2022 Doug Bidwell

  Remember all of those quiet weeks in PTF Land when nothing much was going on? There is a whole bunch of stuff this week.

  First, starting October 26, IBM has enabled multi-factor authentication (MFA) for all its websites using IBMid. As a user on the Entitled Systems Support website, you are using IBMid to login, so you are impacted by the change. When you first login after the change is implemented, you will be asked to add an additional authentication method – either a code sent to your email or a supported mobile authenticator app available on Google Play Store …

  Read more

• New Nav Makes Progress, But Still Not Caught Up with Old Nav

  October 26, 2022 Alex Woodie

  The Technology Refreshes have brought IBM closer to completing the transition to the new Navigator from the old Navigator product, which is susceptible to the Log4j security vulnerability. While the advances in IBM i 7.5 TR1 and 7.4 TR7 will help customers, the new Navigator product will still not be at feature parity with old Nav when the plug is pulled on the heritage product at the end of the year.

  IBM has been encouraging its IBM i customer base to accelerate its adoption of the new Navigator, which debuted just over a year ago with the introduction of IBM …

  Read more

• Inside IBM i’s New Geospatial Functions For Db2

  October 24, 2022 Alex Woodie

  One of the more interesting elements of the recent IBM i Technology Refreshes is the addition of Watson-based geospatial functions to the Db2 for i relational database. According to IBM, the new capabilities will make it simpler and easier to incorporate advanced geospatial functions into IBM i applications.

  As its name implies, Db2 for i’s new geospatial functions allow people to compute data that has a geographical aspect to it. In this case, the geographical data takes the form of latitude and longitude readings on the Earth, and the functions provide ways to manipulate those points (as well as lines …

  Read more

• IBM i PTF Guide, Volume 24, Number 43

  October 24, 2022 Doug Bidwell

  We are happy to report that there are no new security vulnerabilities in the IBM i stack and related open-source software this week – at least as far as we know. So, rejoice in that. There are a bunch of HIPER PTFs and fixes for Java that span the current IBM i releases on support and extended support, so be aware of those.

  And just a reminder to keep checking out The Four Hundred in each issue as we drill down into new details related to the Tech Refreshes announced this month, and that are coming in December.

  Now, here …

  Read more

Previous Articles Next Articles