Global Security Forum

 View Only
Expand all | Collapse all

Need generated ifix package for specific AIX: 7.2 TL5 SP4 due to security vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347).

  • 1.  Need generated ifix package for specific AIX: 7.2 TL5 SP4 due to security vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347).

    Posted Fri March 21, 2025 06:58 AM

    Hello AIX, NIM and security team,

    Today (21Mar), there many customer and IBMBP create case support about the "Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347)"

    By navigate detail in "B.FIXES" topic in URL: Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347)

    The Ifix package provided with specific AIX version such as 7.2.5.7 (or starting with 7.2.5.7 onward) for both NIM master and client.

    Q1: Is it possible to generate package by specific AIX version : 7.2 TL5 SP4?

    Q2: Is there any workaround solution while waiting until customer have a time to install ifix?

    Regards,
    Charin Kumjudpai.





    ------------------------------
    CHARIN KUMJUDPAI
    ------------------------------


  • 2.  RE: Need generated ifix package for specific AIX: 7.2 TL5 SP4 due to security vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347).

    Posted Mon March 24, 2025 03:06 AM

    Hello Charin,

    you should open a Ticket at IBM support team, provide a snap and request that fix for the installed AIX version you have.

    kind regards



    ------------------------------
    Joerg Kauke
    Unix Administrator
    COOP Switzerland
    ------------------------------

    Original Message


  • 3.  RE: Need generated ifix package for specific AIX: 7.2 TL5 SP4 due to security vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347).

    Posted Mon March 24, 2025 05:54 AM

    If you need an ifix for an old level, you need to open a support case, and request the ifix. 



    ------------------------------
    José Pina Coelho
    IT Specialist at Kyndryl
    ------------------------------

    Original Message