• IBM i PTF Guide, Volume 24, Number 17

  April 27, 2022 Doug Bidwell

  It was a pretty quiet week in PTF Land, which stands to reason given the various holidays and the Spring Break that a lot of people had last week. It probably won’t last long, so take the downtime while you have it. There is stuff you need to deal with, of course.

  One reminder: A new build for Access Client Services (ACS) 1.1.9.0 is available for download (2170).

  Here is the rundown of PTF Groups by IBM i release level since we last published:

  PTF Groups 7.4:

  • HIPERs
  • Security
  • Backup Recovery Solutions
  • TCP/IP
  • QMGTOOLS

  PTF Groups 7.3:

  • HIPERs
  • Security
  • Backup

  …

  Read more

• IBM i PTF Guide, Volume 24, Number 16

  April 20, 2022 Doug Bidwell

  It is a new week, and there are two new security vulnerabilities in the IBM i platform. First, there is Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to spoofing and clickjacking attacks due to swagger-ui (CVE-2018-25031, CVE-2021-46708), which you can read more about here. The IBM i PTF numbers containing the fix for the CVEs:

  IBM i Release      5770-SS1 PTF Number      PTF Download Link

  7.4                          SI78971                                https://www.ibm.com/support/pages/ptf/SI78971

  7.3                          SI78972                                https://www.ibm.com/support/pages/ptf/SI78972

  7.2                          SI78973                                https://www.ibm.com/support/pages/ptf/SI78973

  Then there is Security Bulletin: OpenSSL for IBM i is vulnerable to a denial of service due to a flaw in …

  Read more

• IBM i PTF Guide, Volume 24, Number 14

  April 6, 2022 Doug Bidwell

  Get your PTF patching fingers ready to roll across the keyboard because there are some new security vulnerabilities in the IBM i platform. First up, Security Bulletin: IBM Db2 Web Query for i is vulnerable to denial of service in Apache Commons Compress (CVE-2021-36090), arbitrary code execution in Apache Log4j (CVE-2021-44832), and cross-site scripting in TIBCO WebFOCUS (CVE-2021-35493), which you can learn about here.

  Release 2.2.0 can be fixed by upgrading to release 2.2.1 or 2.3.0, depending on your IBM i release level:

  • IBM i 7.4: Upgrade to Db2 Web Query for i 2.3.0
  • IBM i 7.3: Upgrade to

  …

  Read more

• How Kyndryl’s IBM i Customer Base Benefits from the Big Blue Split

  March 30, 2022 Alex Woodie

  Now that IBM is done with the spin-out of its Global Technology Services (GTS) business, the company that resulted from that spin-out, Kyndryl, is free to pursue its own strategy. For Kyndryl’s considerable IBM i installed base, that freedom will result in a much broader array of technological options and services engagements becoming available to them.

  With 500 employees dedicated to supporting its IBM i customers, Kyndryl has one of the biggest IBM i services practices in the world, says Nicolas Le Van Dé, Kyndryl’s IBM i global offering manager.

  “I think we are the leader in terms of IBM …

  Read more

• IBM i PTF Guide, Volume 24, Number 13

  March 30, 2022 Doug Bidwell

  It’s pretty quiet on the PTF western front. Not that there isn’t always some kind of weird stuff going on . . . because, let me assure you, there is. IBM i customers have all kinds of weird things happening, and that ain’t no April Fool’s joke. But, mercifully, this week, as we end the first quarter and Spring is starting meteorologically as well as calendaricly – yes, I just made that word up – there are only a few things going on.

  Once again: To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as …

  Read more

• IBM i PTF Guide, Volume 24, Number 12

  March 23, 2022 Doug Bidwell

  And the security vulnerabilities just keep on a-coming. This time, it is with the WebSphere Application Server. Check out Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038), which you can read all about here. The affected products are WebSphere Application Server Liberty, versions 17.0.0.3 through 22.0.0.2 and WebSphere Application Server versions 9.0 through 9.0.5.11.

  Also, here some information: The default location of ACS is updated whenever there is a Cumulative update or upgrade to a OS level. (\\&SystemName\root\QIBM\ProdData\Access\ACS\Base). Here are fixes for this:

  • IBM i 7.4: SI77377 – ACS 1.1.8.8

  …

  Read more

• IBM i PTF Guide, Volume 24, Number 11

  March 16, 2022 Doug Bidwell

  This Log4j security vulnerability just keeps being more and more pesky. If you haven’t seen it yet, there is an update to a Security Bulletin called Due to use of Apache Log4j, OmniFind Text Search Server for DB2 for i is vulnerable to arbitrary code execution (CVE-2021-4104), which you can read all about at this link.

  The patches for each release are described in full here:

  OmniFind V1R5M0:

  • SI78753
  • SI78754
  • SI78755

  OmniFind V1R4M0

  • SI78756
  • SI78757
  • SI78758

  OmniFind V1R3M0

  • SI78751
  • SI78759
  • SI78760
  • SI78761

  To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion …

  Read more

• IBM i PTF Guide, Volume 24, Number 10

  March 7, 2022 Doug Bidwell

  This week, there are a bunch of security bulletins about yet more new vulnerabilities, this time in the HTTP Server and the Samba Windows file server clone that are embedded in the IBM i operating system. There is also a partial mitigation against Log4j/Log4Shell vulnerabilities, and you may get a laugh or a cry out of this one. Maybe both. OK, probably both. Let’s go through them all.

  First, there is Security Bulletin: IBM HTTP Server (powered by Apache) for i is vulnerable to CVE-2021-44224, which you can read about here at this link. With this vulnerability, the Apache …

  Read more

• IBM i PTF Guide, Volume 24, Number 9

  February 28, 2022 Doug Bidwell

  Welcome to this week’s edition of the IBM i PTF Guide, and we start off with this notice from the support people at IBM, which indicates that a HIPER PTF patch may include longer Abnormal IPL times during C9002C20 SNADS recovery. We also wanted to point out that we have added two new tabs to the Guide, QMGtools and ACS-Navigator for i. These are links we have found when troubleshooting and are useful for a more global look at those products.

  Here is the rundown of PTF Groups by IBM i release level since we last published: …

  Read more

• IBM i PTF Guide, Volume 24, Number 8

  February 23, 2022 Doug Bidwell

  Wake up! There is a new security vulnerability in the Java stack within IBM i. See Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2021-234, which you can read at this link. The IBM i Group PTF numbers containing the fix for the CVE follows. Future Group PTFs for Java will also contain the fix for this CVE:

  • Release 7.4: SF99665 level 13
  • Release 7.3: SF99725 level 24
  • Release 7.2: SF99716 level 34

  To help you with the Log4j security vulnerability, we have created a supplemental spreadsheet as a companion to the …

  Read more

Previous Articles Next Articles