× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



You beat me to the punch Paul. I was about to post exactly that.

For me, I'm running a multiple partition Power 9 S924 for my client at V7R2. Haven't been able to convince them to upgrade. I know that seems
Lame to most of you but it's their box and their decision. They're moving material to Salesforce. Even the cost of extended maint wouldn't budge the needle.

I agreed to take this on due to 2 retirements a few years back and it's been a really good role for me even if I am a consultant with little say. My role is to
Keep things running. And I have. Recently updated the HMC to V9R2M952 with MH01917 and 01VL950.092.045 (950.30) firmware.

Most if not all of the LOG4J V7R2 CVE PTF's are on the partitions.

That said, I was just planning out the latest Group PTF's, downtime dates, etc. When I read the IBM Notification, it is apparent
At V7R2, I'd have a lot of manual work to do if I had to use EIM SSO and/or do any DNS work via heritage Nav if I had to bring it up.

Mgmt is now evaluating a move to V7R3. Due to Domino nervousness, moving to V7R4 makes them quake in their boots.
They're still at 9.0.1 FP2. V7R3 only requires FP6 or higher. V7R4 requires Domino 10.0 or higher.

I'm hopeful they'll finally agree to upgrade. They don't know when the complete move to Salesforce will be and I ran into
That when I agreed to take this role on. As long as the IBM i is here, they keep renewing me in 6 month chunks.
I'll keep my skills current by grabbing some space on PUB400.com and practice on 7.3 & 7.4.


Very Respectfully,
Michael Mayer
IBM i on Power System Admin.
Tallahassee, Florida 32399-2300
Cell: 518.641.8906


Today's Topics:

1. RE: Security Bulletin: IBM i components are affected by
CVE-2021-4104 (log4j version 1.x) (2022.03.02)
(Steinmetz, Paul via MIDRANGE-L)


message: 1
date: Wed, 2 Mar 2022 19:18:44 +0000
from: "Steinmetz, Paul via MIDRANGE-L" <midrange-l@xxxxxxxxxxxxxxxxxx>
subject: RE: Security Bulletin: IBM i components are affected by
CVE-2021-4104 (log4j version 1.x) (2022.03.02)

Looks like IBM has issued PTFs to disable the heritage Navigator.

V7R3 - SF78120


IBM Navigator for i - heritage version uses log4j v1.x and cannot be updated to log4j v2.x or be removed from use. The issue can be fixed by discontinuing the use of the heritage version of IBM Navigator for i. The fix will disable the ADMIN2 server (where the heritage Navigator runs) from starting and running without user interaction. Additionally, the userdata runtime cache files (where the reference to log4j can be found) are deleted by this fix. The issue can be fixed by applying PTFs to IBM i. Releases 7.4, 7.3, and 7.2 of IBM i will be fixed.

It is strongly recommended that heritage Navigator not be used, however if there are key features required, heritage Navigator can be enabled and started temporarily at your own risk. To do so, refer to these instructions: https://www.ibm.com/support/pages/heritage-navigator-enable-and-disable-instructions

Note: If heritage Navigator is started, the userdata cache files are re-created and will have to be manually removed. Details are in the above link.

Statement of direction - IBM intends to update this bulletin in the future when a new HTTP Server group PTF level removes IBM Navigator for i heritage version by deleting all associated files from the system for IBM i 7.3 & 7.4 releases.

The IBM i PTF numbers containing the fixes follow. Future Group PTFs for HTTP Server will also contain the fixes for this CVE.

IBM i Release HTTP Server group PTF
IBM i 7.4 SF99662 level 19
IBM i 7.3 SF99722 level 38
IBM i 7.2 SF99713 level 49

Paul

From: IBM My Notifications <mynotify@xxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, March 2, 2022 9:21 AM
To: Steinmetz, Paul <PSteinmetz@xxxxxxxxxx>
Subject: Security Bulletin: IBM i components are affected by CVE-2021-4104 (log4j version 1.x) (2022.03.02)

________________________________
CAUTION: This email originated from outside of the PENCOR network. Do not click on any links or open attachments unless the sender is known, and the content is verified as safe.
________________________________




________________________________
Please note: Florida has very broad public records laws. Many written communications to or from The Florida Bar regarding Bar business may be considered public records, which must be made available to anyone upon request. Your e-mail communications may therefore be subject to public disclosure.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.