• IBM i PTF Guide, Volume 26, Number 23

  June 24, 2024 Doug Bidwell

  This week, there is only one security vulnerability in the IBM i stack, but there are a slew of PTF updates for the currently supported releases of the IBM i operating system.

  So to start with, there is Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849), which you can find out more about at this link. The issue affects IBM Rational Developer for i 9.8.0.0 through 9.8.0.1, and the issue can be fixed by installing fixpack 9.8.0.2.

  Here is the rundown of PTF Groups by IBM i release …

  Read more

• Thoroughly Modern: Still Making These Six IBM i Security Faux Pas? STOP!

  June 10, 2024 Alan Hamm

  As the backbone of many enterprise IT environments, IBM i platforms are known for their robustness, reliability, and security. However, even the most resilient systems are not immune to vulnerabilities if not properly managed.

  Despite their powerful capabilities, IBM i environments often suffer from outdated security practices that can expose your organization to significant risks. This article highlights the most common IBM i security faux pas and provides actionable mitigation strategies.

  The Most Common IBM i Security Challenges

  1. Outdated Operating System

  One of the simplest yet most overlooked steps to secure an IBM i environment is to keep the …

  Read more

• IBM i PTF Guide, Volume 26, Number 21

  June 10, 2024 Doug Bidwell

  Once again, here is a reminder that a big change has come to patching IBM i systems. IBM i APAR and PTF records have migrated to Known Issues records and Fix Information records to be consistent with other IBM patching systems for other platforms and software. So read up on it at this link.

  We also have one new security vulnerability that you need to be aware of since we last published the IBM i PTF Guide. The vulnerability is outlined in Security Bulletin: Denial of service vulnerabilities in Node.js affects IBM Rational Developer for i RPG and …

  Read more

• IBM i PTF Guide, Volume 26, Number 20

  June 3, 2024 Doug Bidwell

  Here is something you need to be aware of: IBM i APAR and PTF records have migrated to Known Issues records and Fix Information records to be consistent with other IBM patching systems for other platforms and software. So read up on it at this link here.

  And, as often happens, we also have three new security vulnerabilities to cope with.

  First, we have Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354), which you can find out more about here. Here are the …

  Read more

• IBM i PTF Guide, Volume 26, Number 19

  May 20, 2024 Doug Bidwell

  You will need a little time to deal with some security vulnerabilities this week, so set aside some time. There is also a warning about infrastructure changes for electronic fixes from IBM and, for those of you who care, a new release of the IBM MQ message queuing middleware.

  You can find out about the new MQ 9.4, which delivers improved cross-platform connectivity, observability, and modernization capabilities, at this link. And  as for preparing customer firewalls and proxies for the upcoming infrastructure changes – Call Home, Electronic Fix Distribution – check out this link.

  That leaves the three …

  Read more

• IBM i PTF Guide, Volume 26, Number 18

  May 13, 2024 Doug Bidwell

  Well, this week is a little bit lighter when it comes to new security vulnerabilities in the IBM i stack, so that is a good way to start out the next five business days plus the extra that system admins often have to do because weekends are when it is safe to tweak systems.

  On the vulnerability front, we have Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354), which you can find out more about at this link. Here is the list of affected …

  Read more

• Spring 2024 IBM i Technology Refresh Unveiled by IBM

  May 8, 2024 Alex Woodie

  IBM today took the wraps off the latest Technology Refresh for the IBM i platform. When IBM i 7.5 TR4 and 7.4 TR10 ship on June 14, customers will find enhancements such as Merlin version 2, new features in Navigator and ACS, security improvements, a couple of RPG enhancements, HA and DR enhancements, and a host of new SQL-based database services, among other capabilities.

  In addition to new features, which we’ll get to in a second, the launch of IBM i 7.5 TR4 and 7.4 TR10 is important for an unexpected reason: It will mark the beginning of IBM’s transition …

  Read more

• April Showers Bring May IBM i Security Vulnerabilities

  May 8, 2024 Alex Woodie

  IBM has patched more than a dozen security flaws in IBM i and related products this spring, including serious flaws in the operating system proper and the compilers, and a critical vulnerability in Administrative Runtime Expert that landed a nearly perfect CVSS Base score.

  In the interest of time, let’s cover the security vulnerabilities in descending order of severity. That means we’re starting with the worst and then moving on to the slightly less worse.

  ARE Flaw

  The flaw reported in the Administration Runtime Expert for i (ARE), which IBM launched in 2010 to make it easier to manage IBM …

  Read more

• IBM i PTF Guide, Volume 26, Number 17

  May 6, 2024 Doug Bidwell

  Some of the links in the IBM i PTF Guide appear to be broken, but don’t worry about them. IBM is in the process of changing the format of the Cover page for IBM i patches and a few of the links are stuck in the middle. We will attempt to get them back in synch by the next issue. This is the effect of the latest in IBM’s efforts to make the web information for IBM less verbose and more accessible. Any comments on such, please share!

  And now, some security vulnerabilities for IBM. Four, to be precise.

  First, …

  Read more

• IBM i PTF Guide, Volume 26, Number 16

  April 22, 2024 Doug Bidwell

  It is an interesting time out there in PTF Land, so brace yourself. There are four security bulletins and two security warnings about potential denial of service vulnerabilities. Let’s do the security bulletins first and then the denial of service issues.

  First, we have Security Bulletin: IBM i Access Client Solutions is vulnerable to an infinite loop or out of memory error due to vulnerabilities in Apache Commons Compress, which you can find out more about at this link. The affected product(s) include IBM i Access Family versions 1.1.2 – 1.1.4, and versions 1.1.4.3 – 1.1.9.4. The issue can …

  Read more

Previous Articles Next Articles