Under Construction

Automatic Ifix Removal

Most ifixes are automatically removed when the technology level, service pack or PTF with the official fix is installed. Manually removing the Ifix before an update is not necessary in that case. However, many administrators are not entirely clear about some of the connections, such as the following:

    • Does an installed ifix have the ability to be removed automatically? This is not the case for all ifixes.
    • Does the technology level, service pack or PTF to be installed contain the official fix? Only in this case will the installed ifix be removed automatically.

To demonstrate the automatic removal of ifixes and to clarify the points mentioned, we will demonstrate this with three examples:

The starting point is a system with AIX 7.2 TL5 SP7 installed:

$ oslevel -s
7200-05-07-2346
$

There are no ifixes installed on the system:

# emgr -l
There is no efix data on this system.
#

In the directory /tmp/fixes we have stored the following 3 ifixes:

$ ls -l /tmp/fixes
total 19064
-rw-r--r--    1 root     system      9197129 Feb  1 08:44 81112ma.240224.epkg.Z
-rw-r--r--    1 root     system       884643 Feb  1 08:44 IJ50424s7a.240315.epkg.Z
-rw-r--r--    1 root     system       762219 Feb  1 08:44 IJ52366s7a.241113.epkg.Z
$

The 3 ifixes address the following bug fixes:

81112ma    - AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795) arbitrary command execution (CVE-2023-51385) and information disclosure (CVE-2023-51384) due to OpenSSH
IJ50424s7a - AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)
IJ52366s7a - AIX is vulnerable to denial of service (CVE-2024-47102 CVE-2024-52906) – TCPIP

In addition to installation, uninstallation and updates, we will also address the questions posed above.