User Tools

Site Tools


aix:aix_internet_updates

This is an old revision of the document!


AIX update packages

Update efix (or ifix)

The tool is included with AIX 7.2 and AIX 7.3. It is delivered with the bos.rte.install AIX fileset. This requires an internet connection. It allows to download and install security fix

  • emgr_check_ifixes
  • emgr_download_ifix
# emgr_check_ifixes
Gathering system information
+-----------------------------------------------------------------------------+
p0.mtm=8284-22A
p0.fw=SV860_212
p0.parnm=apollo
p0.os=aix
p0.aix=7300-02-01-2346
+-----------------------------------------------------------------------------+
Checking interim fixes on the system ...
+-----------------------------------------------------------------------------+
ID  STATE LABEL      INSTALL TIME      UPDATED BY ABSTRACT
====== ================ ================= ========== ======================================
1    S    IJ49378m1d 02/06/24 23:23:27            IJ49378 EFIXTOOLS MULTI-FIX
Searching for AIX security fixes ...
+-----------------------------------------------------------------------------+
Recommended ifixes, please wait..parsing
===============================================================================
38408m9a        AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH        https://aix.software.ibm.com/aix/efixes/security/openssh_fix15.tar
CVE-2023-5363   AIX is vulnerable to a denial of service (CVE-2023-5678 CVE-2023-6129 CVE-2023-6237) and an attacker may obtain sensitive information (CVE-2023-5363) due to OpenSSL     https://aix.software.ibm.com/aix/efixes/security/openssl_fix40.tar
curl7791mb      Multiple vulnerabilities in cURL libcurl affect AIX      https://aix.software.ibm.com/aix/efixes/security/curl_fix3.tar

Vulnerability fixes are not downloaded

emgr_check_ifixes

  • -D automatically download the required fixes to the host in /tmp/ifix_${PID}

Download a specific efix

# emgr_download_ifix -L https://aix.software.ibm.com/aix/efixes/security/ntp_fix14.tar -P .
# emgr -lv3 | tail -18

APAR information:
=================
APAR number:      IJ49378
APAR abstract:    crl download fails after change in certificate server
APAR number:      IJ49379
APAR abstract:    emgr_download_ifix fails with ssl connection failed
APAR number:      IJ49220
APAR abstract:    default download path of emgr_check_ifixes is /tmp/ifix

Description:
============
IJ49378 - crl download fails after change in certificate server
IJ49379 - emgr_download_ifix fails with ssl connection failed
IJ49220 - default download path of emgr_check_ifixes is /tmp/ifix
aix/aix_internet_updates.1722610885.txt.gz · Last modified: 2024/08/02 17:01 by manu