This is an old revision of the document!
The tool is included with AIX 7.2 and AIX 7.3. It is delivered with the bos.rte.install AIX fileset. This requires an internet connection. It allows to download and install security fix
# emgr_check_ifixes Gathering system information +-----------------------------------------------------------------------------+ p0.mtm=8284-22A p0.fw=SV860_212 p0.parnm=apollo p0.os=aix p0.aix=7300-02-01-2346 +-----------------------------------------------------------------------------+ Checking interim fixes on the system ... +-----------------------------------------------------------------------------+ ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT ====== ================ ================= ========== ====================================== 1 S IJ49378m1d 02/06/24 23:23:27 IJ49378 EFIXTOOLS MULTI-FIX Searching for AIX security fixes ... +-----------------------------------------------------------------------------+ Recommended ifixes, please wait..parsing =============================================================================== 38408m9a AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH https://aix.software.ibm.com/aix/efixes/security/openssh_fix15.tar CVE-2023-5363 AIX is vulnerable to a denial of service (CVE-2023-5678 CVE-2023-6129 CVE-2023-6237) and an attacker may obtain sensitive information (CVE-2023-5363) due to OpenSSL https://aix.software.ibm.com/aix/efixes/security/openssl_fix40.tar curl7791mb Multiple vulnerabilities in cURL libcurl affect AIX https://aix.software.ibm.com/aix/efixes/security/curl_fix3.tar Vulnerability fixes are not downloaded
emgr_check_ifixes
Download a specific efix
# emgr_download_ifix -L https://aix.software.ibm.com/aix/efixes/security/ntp_fix14.tar -P .
# emgr -lv3 | tail -18 APAR information: ================= APAR number: IJ49378 APAR abstract: crl download fails after change in certificate server APAR number: IJ49379 APAR abstract: emgr_download_ifix fails with ssl connection failed APAR number: IJ49220 APAR abstract: default download path of emgr_check_ifixes is /tmp/ifix Description: ============ IJ49378 - crl download fails after change in certificate server IJ49379 - emgr_download_ifix fails with ssl connection failed IJ49220 - default download path of emgr_check_ifixes is /tmp/ifix