PTF Archives - Page 4 of 44

IBM i PTF Guide, Volume 26, Number 44

November 11, 2024 Doug Bidwell

The number of patches slowed down last week, and we are not sure if that had anything to do with the election in the United States, but what we do know is we all got a break. And we will take it, and then get back to work.

There are a number of security vulnerabilities with WebSphere middleware, an issue with drive logging, and several fixes for TGTRLS in the RPG compilers.

First, we have Security Bulletin: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086), which you can read about here. This …
Read more
IBM i PTF Guide, Volume 26, Number 43

November 6, 2024 Doug Bidwell

It is one of those quite weeks in PTF Land, and that is not surprising given the election that was underway as we went to press with this edition of The Four Hundred. This week, there are a bunch of PTF patches for the core IBM i releases that are still supported by Big Blue, but no security vulnerabilities that we could find and no weird things, either. Go figure.

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:
- Memo to Users
- RPG Café
- PowerHA Tools for IBM i
…
Read more
IBM i PTF Guide, Volume 26, Number 42

November 4, 2024 Doug Bidwell

Welcome to this week’s edition of the IBM i PTF Guide. Just a note of explanation to start off. In the Defective PTF section below, we only show you the first one for each release. Often there are more than one. If there is a new one that you haven’t encountered before, please follow the link in the Guide (for your release level) to get the complete list of defectives. And please review the special instructions – things sometimes become more complex the deeper you dig, especially with defectives.

Now, here is a bug for you in PowerHA. Some …
Read more
IBM i PTF Guide, Volume 26, Number 41

October 21, 2024 Doug Bidwell

Don’t get hyper about HIPERs, but there are some issues you need to deal with if you have moved to IBM i 7.5. High Impact / Highly Pervasive (HIPER) Issue Potential undetected data loss can occur on LPARs using NPIV with certain Fibre Channel adapters. Potential undetected data loss can occur on LPARs using NPIV over Fibre Channel adapters with the following Feature Codes: EN1E/EN1F, EN1G/EN1H, EN1J/EN1K, EN2L/EN2M, and EN2N/EN2P.

You can read about this HIPER PTF at this link.

Now, there are also two security vulnerabilities on this week’s To Do list.

First, we have Security Bulletin: IBM …
Read more
IBM i PTF Guide, Volume 26, Number 40

October 14, 2024 Doug Bidwell

First off this week, there is a security vulnerability for you to deal with in your IBM i systems. Specifically, we have Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM i (CVE-2015-7575), which you can read more about here. IBM i releases 6.1, 7.1. and 7.2 are supported and will be fixed as follows:

5770-999, 5770-SS1:
- Release 6.1.1 – MF60292
- Release 7.1 – SI59229, MF61242, MF60291
- Release 7.2 – SI59230, MF61243, MF60290
5770-UME:
- CIM 1.3: SI59244
- CIM 1.4: SI59193
Also, be aware of changes to data upload for IBM Support – Preparing customer firewalls and proxies …
Read more
IBM i PTF Guide, Volume 26, Number 39

October 9, 2024 Doug Bidwell

Brace yourself, there is lots of stuff going on in PTF Land this week. To begin with, there are three security vulnerabilities.

First, we have Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities. You can find out more about this vulnerability at this link. The patches are as follows, by release:
```
7.5	SJ01738
	SJ02179
7.4	SJ01739
	SJ02177
7.3	SJ01752
	SJ02176
7.2	SJ01751
	SJ02130
```
Second, we have Security Bulletin: IBM i (V6.1, 7.1, …
Read more
IBM i PTF Guide, Volume 26, Number 38

October 7, 2024 Doug Bidwell

There is a hodge podge of stuff that you need to deal with this week when it comes to patching your IBM i system.

First, there is a security vulnerability. Read all about it in Security Bulletin: Vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-36138), which you can find out more about at this link. The issue can be fixed by loading an interim fix. IBM strongly recommends addressing the vulnerability now by upgrading to Node.js 18.20.4. Please follow Upgrading the Node.js that is used by Cordova or NodeRed …
Read more
IBM i PTF Guide, Volume 26, Number 37

September 23, 2024 Doug Bidwell

This week, there are recommended fixes for the cryptographic services in the IBM i platform and Big Blue’s own cryptographic co-processors, which run encryption, decryption, and hashing algorithms on outboard compute engines rather than on the Power CPUs at the heart of the system. You can read about the recommended fixes for IBM i 7.2 here and for IBM i 7.3 there. As far as we know, there are not fixes for IBM i 7.4 or IBM i 7.5.

Here is the rundown of PTF Groups by IBM i release level since we last published:

PTF Groups 7.5:
- HIPERs
…
Read more
Summer of IBM i Vulnerabilities

September 18, 2024 Alex Woodie

IBM has patched more than two dozen software vulnerabilities in the IBM i stack over the past few months, including flaws in Merlin, MQ, OpenSSH, the Java stack, Db2, Performance Tools, and the HTTP Server (the one powered by Apache). Nine of the security vulnerabilities carry CVSS Base scores of 7 or higher, while one is above 8, making these serious security threats. If you haven’t applied the patches yet, you’re encouraged to do it soon.

Working backwards from the most recent security bulletins, we start with September 5, when IBM issued patches for three vulnerabilities in Merlin, which officially …
Read more
IBM i PTF Guide, Volume 26, Number 36

September 16, 2024 Doug Bidwell

The Apache Web server and the WebSphere middleware that runs on top of it are not working together well. We have caught wind of the HTTP Apache Server Failing to Start After WebSphere 9.0 Fixpack Update. ‘HTP8091 HTTP Server post-configuration step failed’ Error in the HTTP Server Joblog, which you can find out more about here. After a WebSphere 9.0 fixpack update is applied, HTTP servers associated with a WebSphere 9.0 server fail to start and throw a “HTP8091 HTTP Server post-configuration step failed” error. Click on link above to see resolution.

Also, there is a security vulnerability you …
Read more

Previous Articles Next Articles

Content archive

Recent Posts

Subscribe

Pages

Search