Under Construction
Automatic Ifix Removal
Most ifixes are automatically removed when the technology level, service pack or PTF with the official fix is installed. Manually removing the Ifix before an update is not necessary in that case. However, many administrators are not entirely clear about some of the connections, such as the following:
- Does an installed ifix have the ability to be removed automatically? This is not the case for all ifixes.
- Does the technology level, service pack or PTF to be installed contain the official fix? Only in this case will the installed ifix be removed automatically.
To demonstrate the automatic removal of ifixes and to clarify the points mentioned, we will demonstrate this with three examples:
The starting point is a system with AIX 7.2 TL5 SP7 installed:
$ oslevel -s
7200-05-07-2346
$
There are no ifixes installed on the system:
# emgr -l
There is no efix data on this system.
#
In the directory /tmp/fixes we have stored the following 3 ifixes:
$ ls -l /tmp/fixes
total 19064
-rw-r--r-- 1 root system 9197129 Feb 1 08:44 81112ma.240224.epkg.Z
-rw-r--r-- 1 root system 884643 Feb 1 08:44 IJ50424s7a.240315.epkg.Z
-rw-r--r-- 1 root system 762219 Feb 1 08:44 IJ52366s7a.241113.epkg.Z
$
The 3 ifixes address the following bug fixes:
81112ma - AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795) arbitrary command execution (CVE-2023-51385) and information disclosure (CVE-2023-51384) due to OpenSSH
IJ50424s7a - AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)
IJ52366s7a - AIX is vulnerable to denial of service (CVE-2024-47102 CVE-2024-52906) – TCPIP
In addition to installation, uninstallation and updates, we will also address the questions posed above.