• IBM i PTF Guide, Volume 26, Number 15

  April 15, 2024 Doug Bidwell

  Hey, this is interesting. We have no security vulnerabilities to report on this week for the IBM i platform. And this is also interesting. There is a new version of Access Client Solutions, called V1.1.9.5. We will be putting together a news story to talk about this, but in the meantime, we thought you should know that it is out. There ain’t a lot else going on, as you will see.

  Here is the rundown of PTF Groups by IBM i release level since we last published:

  PTF Groups 7.5:

  • IBM i Access Client Solutions V1.1.9.5
  • QMGTOOLS

  PTF Groups 7.4: …

  Read more

• IBM i PTF Guide, Volume 26, Number 14

  April 10, 2024 Doug Bidwell

  As we continue to “play ketchup” after the Easter holiday and have two issues of the IBM i PTF Guide this week, three is the actual magic number as we once again have three security vulnerabilities and an oddity that we became aware of over the weekend for the IBM i software stack. We will start with the security holes, as we always do.

  First, we have Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313), which you can find out more about at this link. The affected versions include WebSphere Application Server 8.5 and …

  Read more

• IBM i PTF Guide, Volume 26, Number 13

  April 8, 2024 Doug Bidwell

  Three is the magic number, as we all know. This week, there is another trio of vulnerabilities in parts of the IBM i software stack. And all three currently supported IBM i releases all have a slew of group patches as well. Let’s start with the vulnerabilities because these are always important to know about and deal with.

  First, we have Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270), which you can find out more about at this link. The affected products include IBM WebSphere Application Server Liberty, versions 23.0.0.3 through 24.0.0.3 – who …

  Read more

• The Low Down On Service Extension For IBM i 7.X Releases

  March 25, 2024 Timothy Prickett Morgan

  In the wake of our discussion two weeks ago of the long-lived releases of IBM i and OS/400 and how they compare in terms of technical support and bug fix coverage to Linux and Windows Server, we got a bunch of questions about just when the service extension – what we call extended support like other operating system vendors – would end.

  We understood the very high price that customers pay for service extension – as brilliantly outlined in a piece by Steve Pitcher back in October 2023, which showed the high price that the cumulative cost stacks up …

  Read more

• IBM i PTF Guide, Volume 26, Number 11

  March 18, 2024 Doug Bidwell

  This week in IBM i is sponsored by security vulnerabilities and precious little else. There are three security vulnerabilities that are new that you need to be aware of, so let’s get to it and let you get back to work.

  First, we have Security Bulletin: IBM Db2 Web Query for i is vulnerable to a remote attacker bypassing security restrictions or to denial of service, which you can read more about here. The fixes are as follows:

  IBM Db2 Web Query for i 		Release		OS Release
  5733WQX 		2.4.0		7.4 and 7.5
  				SI85982
  				SI85987
  

  Second, we have Security Bulletin: …

  Read more

• IBM i PTF Guide, Volume 26, Number 9

  March 4, 2024 Doug Bidwell

  IBM i 7.2 has been superseded a long time ago, but there is still a lot of it in the Power Systems installed base and Big Blue is still making updates to it for those customers who are stuck on the 7.2 release and who are stuck paying for extended support, which is very expensive. To that end, there is a new 720 Group HIPER, level 242, rolled up in PTF patch SF99719, which you can read about here.

  There are also two new security vulnerabilities for the IBM i stack.

  First, we have Security Bulletin: IBM WebSphere Application …

  Read more

• IBM i PTF Guide, Volume 26, Number 8

  February 26, 2024 Doug Bidwell

  It is a rare week when there is not some sort of security bulletin that affects all of the major operating systems, and this week is not one of those rare weeks. There are three security vulnerabilities affecting the current IBM i releases as well as a group of security patches for the vintage IBM i 7.2 release. Let’s get started with the security vulnerabilities, as is our common practice.

  First, we have Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to January 2024 CPU, which you can …

  Read more

• IBM i PTF Guide, Volume 26, Number 7

  February 19, 2024 Doug Bidwell

  Aside from two new security vulnerabilities, it has been a pretty quiet week in IBM i PTF Land. There are some updates for the current releases of IBM i – that would be IBM i 7.4 and IBM i 7.5 that are both on standard support and IBM i 7.3 that is on extended support – and of course there are some new defective PTFs that Big Blue needs to make you aware of, as often happens because all modern platforms are complex and all of them sometimes have patches that have unintended consequences.

  Let’s start with the security issues, …

  Read more

• IBM Retired Db2 Web Query; It’s Time You Did, Too

  February 5, 2024 Bill Langston

  Just as you were returning to work to begin the new year, IBM published a security bulletin alerting Db2 Web Query customers that the software is “vulnerable to a remote attacker bypassing security restrictions or executing arbitrary code, to a local authenticated attacker obtaining sensitive information, or to denial of service.” The Four Hundred reported on the vulnerability in detail here.

  The security bulletin only references release 2.4.0 of the now withdrawn Db2 Web Query software, but we suspect that is only because IBM doesn’t test unsupported releases. We believe the security vulnerabilities listed in the bulletin also exist …

  Read more

• IBM i PTF Guide, Volume 26, Number 5

  February 5, 2024 Doug Bidwell

  Here is the latest on the mystery of the disappearing QSYS library. If you use SF99740 and SF99741 downloaded from this week, then there shouldn’t be any issues with applying any of the groups. The fixing PTF SI85707 is included in the latest DB group, even though it does not have a new level and does not have a cover letter. If you are using either of those Group PTF orders from prior weeks, then the workaround we described last week is the best course of action.

  Be careful here. When you order SF99740, you will receive several .bin files. …

  Read more

Previous Articles Next Articles