• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • IBM i PTF Guide, Volume 24, Number 12

    March 23, 2022 Doug Bidwell

    And the security vulnerabilities just keep on a-coming. This time, it is with the WebSphere Application Server. Check out Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to Clickjacking (CVE-2021-39038), which you can read all about here. The affected products are WebSphere Application Server Liberty, versions 17.0.0.3 through 22.0.0.2 and WebSphere Application Server versions 9.0 through 9.0.5.11.

    Also, here some information: The default location of ACS is updated whenever there is a Cumulative update or upgrade to a OS level. (\\&SystemName\root\QIBM\ProdData\Access\ACS\Base). Here are fixes for this:

    • IBM i 7.4: SI77377 – ACS 1.1.8.8
    …

    Read more
  • IBM Patches New Security Flaws in Java, OpenSSL

    April 3, 2019 Alex Woodie

    IBM this week patched a series of flaws in IBM i’s Java environment, including a pair of very serious problems in the OpenJ9 runtime that could allow remote attackers to execute arbitrary code, in addition to a series of less-severe Java vulnerabilities. The company also fixed a new flaw found in IBM i’s OpenSSL implementation.

    A total of seven Java flaws that impact IBM i versions 7.1 through 7.3 were addressed with one security bulletin issued by IBM on March 29. IBM issued Group PTFs for each release of the operating system to address them. A single OpenSSL flaw also …

    Read more
  • Pay Attention To JDK And WebSphere Release Support

    April 2, 2018 Timothy Prickett Morgan

    IBM i shops don’t have to use Big Blue’s WebSphere Application Server middleware to create Java, since some of the Java functions are built into the Apache Web server built into the operating system and open source programs like the Tomcat server, while not still supported, are nonetheless sometimes still used. Still other shops don’t go for the full-on WebSphere Application Server, but use the Express Edition that is bundled on the machine to provide a certain level of automation for Java workloads.

    IBM has been warning customers that they have to keep current on Java Development Kit (JDK) releases, …

    Read more
  • IBM Patches Another BIND Flaw In IBM i

    March 28, 2018 Alex Woodie

    A serious flaw has been discovered in the BIND networking service that could be used to launch a denial of service attack against impacted servers, including IBM i. IBM patched the flaw in every version of the OS from IBM i 6.1 to 7.3 with a program temporary fix (PTF) made available earlier this month. IBM also patched a serious flaw in WebSphere that could let information leak out.

    According to the IBM security bulletin issued March 12, the ISC BIND flaw known as CVE-2017-3145 has the potential to allow a remote attacker to crash a vulnerable server by sending …

    Read more
  • IBM Will Change WebSphere To Work In A Cloudy World

    March 26, 2018 Timothy Prickett Morgan

    If you had to pick one product that put IBM back on the map in software, it would have to be the WebSphere Application Server that was wrapped around the Apache Web server for the 1998 Winter Olympics in Nagano, Japan. That was back when Big Blue was the technology sponsor for the Olympics, and it used the summer and winter events, each held every four years and out of phase by two years, as a showcase for new technologies. Two years is a Moore’s Law gap, so it worked out nicely.

    WebSphere was the pet project of Tom Rosamilia, …

    Read more
  • IBM Patches ‘ROBOT’ Flaw in IBM i Crypto Library

    February 21, 2018 Alex Woodie

    IBM has issued patches to fix a serious security problem in the IBM Global Security Kit, or GSKit, a relatively obscure crypto package that implements SSL/TLS encryption algorithms across a variety of IBM products, including IBM i. An old flaw in the underlying RSA crypto algorithm that could let hackers decrypt data in a “side channel” attack has resurfaced under a new moniker: “ROBOT.”

    GSKit is an IBM toolkit that implements various encryption-related functions, including symmetric and asymmetric ciphers, random number generation, hashing algorithms, and encryption key management capabilities, for products that need over-the-wire encryption, including IBM i, Linux, and …

    Read more

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • COMMON Set for First Annual Conference in Three Years
  • API Operations Management for Safe, Powerful, and High Performance APIs
  • What’s New in IBM i Services and Networking
  • Four Hundred Monitor, May 18
  • IBM i PTF Guide, Volume 24, Number 20
  • IBM i 7.3 TR12: The Non-TR Tech Refresh
  • IBM i Integration Elevates Operational Query and Analytics
  • Simplified IBM i Stack Bundling Ahead Of Subscription Pricing
  • More Price Hikes From IBM, Now For High End Storage
  • Big Blue Readies Power10 And IBM i 7.5 Training for Partners

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2022 IT Jungle