IBM i Global

IBM i Global

Connect, learn, share, and engage with IBM Power.

 View Only

  • 1.  IBM i Access Client Solutions (ACS 1.1.9.2)

    Posted Tue April 11, 2023 09:16 AM

    I'll be durned if I can find it yet but both the 7.5-TR2 and the 7.4-TR8 say there's a new ACS out.



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------


  • 2.  RE: IBM i Access Client Solutions (ACS 1.1.9.2)

    Posted Wed April 12, 2023 12:31 AM

    Hi Rob, 

    I suspect it may be similar to when TR7, including ACS 1191,  was announced on 11 October 2022 with a planned GA date of 2 December (2022).
    But then ACS 1191 ended up being available for download early November ( I think it was the 7th). 
    Keen as mustard to install ACS 1192 too but I guess I have no choice but to be patient. 

    Regards,
    Jozsef



     



    ------------------------------
    Jozsef Torok
    ------------------------------

    Original Message


  • 3.  RE: IBM i Access Client Solutions (ACS 1.1.9.2)

    Posted Fri April 14, 2023 09:22 PM

    The latest release of IBM i ACS 1.1.9.2 is just available for download in the past 24 hours and here are details of its enhancements :  https://www.ibm.com/support/pages/ibm-i-access-acs-updates 



    ------------------------------
    Education is not the learning of facts but the training of the mind to think. -- Albert Einstein.
    ------------------------------
    Satid S.
    ------------------------------

    Original Message


  • 4.  RE: IBM i Access Client Solutions (ACS 1.1.9.2)

    Posted Sun April 16, 2023 04:50 PM

    Hi Satid, 

    I have been checking every day since TR8 was announced (not that I am impatient or anything... Ha!) 
    You have made my Monday (and I suspect Rob's as well). 

    Thank you very much,
    Jozsef. 



    ------------------------------
    Jozsef Torok
    ------------------------------

    Original Message


  • 5.  RE: IBM i Access Client Solutions (ACS 1.1.9.2)

    Posted Mon April 17, 2023 08:03 AM

    Thank you.  Just finished the installation.



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------

    Original Message


  • 6.  RE: IBM i Access Client Solutions (ACS 1.1.9.2)

    Posted Sun April 23, 2023 09:01 PM
    Edited by Satid Singkorapoom Sun April 23, 2023 09:05 PM

    I just found another good reason to upgrade to IBM i ACS 1.1.9.2 as this very recent IBM security bulletin (dated 21 April 2023) indicates vulnerability of older releases at   https://www.ibm.com/support/pages/node/6985321


    Security Bulletin: IBM i Access Client Solutions is vulnerable to an attacker obtaining sensitive information due to Java string processing in IBM Toolbox for Java (CVE-2022-43928)

    Security Bulletin


    Summary

    IBM i Access Client Solutions uses the IBM Toolbox for Java to access IBM i interfaces. IBM Toolbox for Java could allow sensitive information stored as Java strings to be obtained by an attacker as described in the vulnerability details section. IBM has addressed this CVE by providing a fix to IBM i Access Client Solutions as described in the remediation/fixes section.

    Vulnerability Details

    CVEID:   CVE-2022-43928
    DESCRIPTION:   The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.
    CVSS Base score: 4.9
    CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241675 for the current score.
    CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

    Affected Products and Versions

    Affected Product(s) Version(s)
    IBM i Access Family All

    Remediation/Fixes

    The issue can be fixed by upgrading to version 1.1.9.2 or later.   See IBM i Access Client Solutions updates for the latest version available.

    Affected Product(s) Version(s) Remediation/Fix/Instructions
    IBM i Access Client Solutions 1.1.2 - 1.1.4,
    1.1.4.3 - 1.1.9.1

    The current version of IBM i Access Client Solutions is available at Downloads.

    Or you may download it from the general IBM i software site at
    Entitled Systems Support (ESS).

     

     



    ------------------------------
    Education is not the learning of facts but the training of the mind to think. -- Albert Einstein.
    ------------------------------
    Satid S.
    ------------------------------

    Original Message