Fix Readme
Abstract
IBM MQ provides periodic maintenance releases (Fix Packs), and Cumulative Security Updates, for Version 9.3.0 Long Term Support (LTS). The following is a complete listing of available fixes grouped by maintenance delivery.
Content
This document describes fixes included in LTS maintenance releases and in LTS Cumulative Security Updates. For more information on the types of maintenance, see IBM MQ release types section of the product documentation.
| Release Type | Release Date | Total APARs | Security APARs | HIPER APARs | |
| IBM MQ 9.3.0.20 | Fix Pack | 26 June 2024 | 79 | 11 | 2 |
| IBM MQ 9.3.0.17 | Cumulative security update | 25 April 2024 | 13 | 7 | 3 |
| IBM MQ 9.3.0.16 | Cumulative security update | 29 February 2024 | 7 | 3 | 0 |
| IBM MQ 9.3.0.15 | Fix Pack | 14 December 2023 | 38 | 4 | 0 |
| IBM MQ 9.3.0.11 | Cumulative security update | 30 October 2023 | 2 | 1 | 0 |
| IBM MQ 9.3.0.10 | Fix pack | 30 August 2023 | 52 | 4 | 2 |
| IBM MQ 9.3.0.6 | Cumulative security update | 28 June 2023 | 7 | 4 | 0 |
| IBM MQ 9.3.0.5 | Fix pack | 27 April 2023 | 50 | 8 | 2 |
| IBM MQ 9.3.0.4 | Cumulative security update | 28 February 2023 | 3 | 1 | 1 |
| IBM MQ 9.3.0.3 | Cumulative security update | 26 January 2023 | 3 | 1 | 1 |
| IBM MQ 9.3.0.2 | Fix pack | 21 December 2022 | 70 | 12 | 2 |
| IBM MQ 9.3.0.1 | Fix pack | 22 September 2022 | 35 | 6 | 1 |
| IBM MQ 9.3.0.0* | Initial release (both Continuous Delivery and LTS) | 23 Jun 2022** | 54 | 43 | 7 |
* To view the fixes for the IBM MQ 9.3.0.0 initial release, see Fix list for IBM MQ Version 9.3.x Continuous Delivery.
** The listed release date applies to IBM MQ on distributed platforms. For the IBM MQ Appliance please see this statement of direction.
To download IBM MQ Fix and Refresh Packs follow this link. http://www.ibm.com/support/docview.wss?uid=swg27006037
Vulnerability risk information for IBM MQ can be found at Security Bulletin for IBM WebSphere MQ
Example table
| Security APAR | HIPER APAR | APAR |
Description
|
| ✓ | AB12345 |
Example of Security APAR: CVE-XXXX-XXXXX (security/integrity exposure) [CVSS base score 5.3]
|
|
| ✓ | ZY98765 |
Example of a HIPER APAR
|
Note: The CVSS scoring information, listed in the fix list tables, is accurate at the time of release. Review links contained in the referenced bulletins for additional information on scoring, including any retrospective changes to scores assigned by third parties.
IBM MQ 9.3.0.20 fix pack for Windows, UNIX, IBM i, IBM MQ Appliance
(Last modified: June 2024)
| Security APAR | HIPER APAR | APAR | Description |
| ✓ | IT45510 | IBM MQ CVE-2024-31919 [CVSS base score 5.9] | |
| ✓ | IT45607 | IBM MQ CVE-2024-31912 [CVSS base score 7.5] | |
| ✓ | IT45710 | IBM MQ CVE-2024-35116 and IBM MQ Appliance CVE-2024-35116 [CVSS base score 5.9] | |
| ✓ | IT45986 | IBM MQ CVE-2024-35156 [CVSS base score 6.5] | |
| ✓ | IT46058 | IBM MQ CVE-2024-27268, CVE-2023-51775, CVE-2024-22353, CVE-2024-22329, CVE-2024-22354, CVE-2024-22329, CVE-2024-22354, CVE-2024-25026 and IBM MQ Appliance CVE-2024-22329, CVE-2024-22354 [CVSS base score 7.5] | |
| ✓ | IT46074 | IBM MQ Appliance CVE-2024-2511 [CVSS base score 3.7] | |
| ✓ | IT46075 | IBM MQ Appliance CVE-2024-29041 [CVSS base score 6.1] | |
| ✓ | IT46155 | IBM MQ CVE-2024-21085 [CVSS base score 5.9] | |
| ✓ | IT46205 | IBM MQ Appliance CVE-2021-33631, CVE-2020-12762 [CVSS base score 7.8] | |
| ✓ | IT46217 | IBM MQ CVE-2024-35155 [CVSS base score 6.5] | |
| ✓ | IT46266 | IBM MQ Appliance CVE-2023-48795 [CVSS base score 5.9] | |
| IT38022 | Log more possible error conditions from amqiclen during installer/uninstaller processing | ||
| IT39543 | IBM MQ Bridge to Salesforce fails with AMQSF040E if the HTTP response is larger than 1 MiB. | ||
| IT41710 | CWSMQ0006E error and System.ArgumentNullException reported when attempting to connect to a version 9.2 or lower queue manager | ||
| IT42506 | MQ classes for Jakarta application throws an AssertionError using the Connection/Session toString() | ||
| IT42661 | When a RQSTR channel is started twice, a second RQSTR instance is incorrectly started with status "INITIALIZING" | ||
| IT42975 | Possibility of memory exception in IBM MQ diagnostic routine | ||
| IT43000 | IBM MQ managed .Net fails with MQRC_RFH_FORMAT_ERROR (2421) if the <usr> section of RFH2 header contains "$" | ||
| IT43178 | The channel pooling process might terminate due to a SIGSEGV in xcsWaitPid. | ||
| IT43502 | Managed .NET client using distributed transaction reports MQRC_HCONN_ERROR (2018) while using MQCNO_HANDLE_SHARE_NONE | ||
| IT43580 | 'mqconfig' utility reports incorrect required version of AIX forMQ 9.3 | ||
| IT43756 | In MQ managed XMS .Net 9.3: After the client reconnects asynchronous consumers are not automatically restarted | ||
| IT43791 | MQ application attempts to unload GSKit libraries when it had not loaded them | ||
| IT44106 | High CPU usage in MQ appliance when or after using dspmqerr command | ||
| IT44108 | IBM MQ MFT agent ends unexpectedly with a NullPointerException | ||
| IT44298 | Running the MQSC command 'DISPLAY AUTHINFO' might incorrectly show the 'LDAPPWD' parameter as EMPTY | ||
| IT44384 | Channel loops if a message on the transmit queue exceeds the MAXMSGL attribute of the Queue manager | ||
| IT44403 | MQ 9.3.x .Net core application encounters error MQRC 2219 when using security exits | ||
| IT44422 | When MFT Agent is started with -F option can see blank lines written to console/job control log. | ||
| IT44454 | MQ classes for JMS API threads may deadlock when the queue manager is configured to use SSLRKEYC | ||
| IT44458 | amqmfsck or crtmqm might fail unexpectedly on NFS file system on AIX | ||
| IT44510 | No specific warning is provided to users when a duplicate cluster receiver channel is inserted into the cache with a mismatched queue manager name to one that already exists. | ||
| IT44532 | The runmqicred command reports "error while loading shared libraries: libmqml_r.so" | ||
| IT44577 | High memory usage in amqrmppa process | ||
| IT44601 | Cannot delete a queue manager using the IBM MQ Web Console | ||
| IT44621 | IBM MQ Appliance: setamschl command might inject invalid characters into a configuration file when the "-d" flag is used. | ||
| IT44706 | IndexOutOfBoundsException can occur while logging a message to the transfer log, when source disposition of delete fails | ||
| IT44731 | MQ appliance queue manager does not end as expected when stoppedby suspending the appliance and subsequently fails to start | ||
| IT44741 | Unable to start or delete channel after scratchpad damage | ||
| IT44798 | A ICH408I error can occur after upgrading the WebSphere Liberty Profile used by the IBM MQ Console to 22.0.0.12 on z/OS | ||
| IT44910 | MQ trace on server incorrectly captures user message data duringclient MQGET when using the "-d 0" flag on strmqtrc | ||
| IT44949 | MQ .Net core application with security exit reports error 2273 (connection broken) if exit buffer size not divisible by 4 | ||
| IT44950 | MFT agent running as a Windows service fails to start with the error "%1 is not a valid Win32 application" | ||
| IT45020 | Using the IBM MQ Jakarta Resource Adapter IVT fails due to a missing WMQ_JAKARTA_IVT.war file | ||
| IT45035 | MQ 9.2.4 or later client pub/sub app cannot consume messages after reconnecting following a connection break | ||
| IT45060 | Managed File Transfer (MFT) agents report a BFGIO0076E errorwhen transferring data sets on extended attribute volumes | ||
| IT45074 | An MFT agent can receive BFGSS0024E due to receiving a 2127 when performing a PDS Member transfer | ||
| IT45102 | Having a platform value which is NOT OS400/UNIX/WINDOWS in the ProtocolBridgeProperties.xml is ignored silently | ||
| IT45106 | Add additional diagnostics to AT077013 atxAssociationRemove FDCs | ||
| IT45113 | SIGSEGV in reconnectable MQ client application | ||
| IT45128 | Increased memory usage after upgrading to MQ 9.3 | ||
| ✓ | IT45131 | Probe Id XC130004 SIGSEGV in rrmRecoClqMgrDelRemote function in amqrrmfa causes queue manager to fail | |
| IT45156 | HTTP POST requests submitted to the MQ REST API (mqweb) without Content-Type header "charset=UTF-8" are processed incorrectly | ||
| IT45179 | This is an administrative APAR to include Advanced VUE functionality in MQ Advanced. | ||
| IT45181 | XMS .NET applications connecting to a queue sharing group throw MQRC 6109 while closing the consumer | ||
| IT45206 | Intermittent timing issue where an MFT resource monitor may sendan unexpected 0 byte file. | ||
| IT45225 | Thirdparty component updates for fix pack 9.3.0.20 | ||
| IT45226 | MQ Appliance : HA control of a HA queue manager is in disabled state when it should be in enabled state | ||
| IT45247 | Additional information added into ZF225050 First failure data (FDC) file | ||
| IT45386 | MQ Appliance appliance sethagrp force migration(-f) not working if only secondary or replication interfaces unavailable | ||
| IT45390 | MQ Appliance runmqras "-section format" fails with "dspmqtrc: command not found" | ||
| IT45438 | An MQ JMS Client using TLSv1.3 GCM Cipher receives an RC=2009 and the Queue Manager generates an FDC with ProbeID CO373099. | ||
| IT45453 | FDC with probe XC130003 and application received RC 2009 (connection broken) on channel with RCVEXIT and SHARECNV(1) | ||
| IT45567 | MQ Appliance: crtdrprimary/crtdrsecondary command allows duplicate RecoveryName and RecoveryIP in command line | ||
| IT45625 | JMQI does not replace unmappable characters in the message body when indicated to do so. | ||
| IT45740 | Using the com.ibm.mq.headers.MQMD.copyFrom() method and MQ classes for Java can result in a NullPointerException | ||
| ✓ | IT45748 | Unable to start or delete channel after migrating queue manager to MQ 9.3 | |
| IT45784 | JMQI does not successfully recreate a temporary dynamic queue after being balanced in a Uniform Cluster. | ||
| IT45968 | Connection from a backlevel client sending an MQCSP structure isrejected when PasswordProtection=warn | ||
| IT45980 | Unable to access Crypto Configuration sections in the MQ Appliance webUI. | ||
| IT45984 | A new message to warn of support for FIPS 140-2 removal from MQ is displayed when using IBM JRE 8.0.8.25 or later. | ||
| IT46256 | Update to modver script for RDQM on RHEL 8.10 | ||
| IT46337 | Upgrade the JRE level for IBM MQ V9.3 to JAVA 8.0.8.25 for AIX, Linux, and Windows | ||
| SE80818 | 5725A49 "C CLIENT" INSTALL LOG ROLLOVER PROCESSING INCORRECT | ||
| SE80838 | GRTMQMAUT OBJ(*ALL) OBJTYPE(*Q) giving only *ADMDSP and other authorities are only partially processed | ||
| SE80841 | 5725A49 MQ "C CLIENT" ERROR LOGGING PER-USER ROLLOVER FAILURE | ||
| SE80842 | 5725A49 ERROR LOG SIZE CONTROL | ||
| SE80990 | Keystores created using the default runmqckm settings are not compatible with IBM i | ||
| SE81123 | MQ V9.3 CHGMQM SSLKEYRPWD() LOCK DOES NOT RELEASE STASH.STH. 5724H72 |
IBM MQ 9.3.0.17 cumulative security update for Windows, UNIX, IBM i, IBM MQ Appliance
(Last modified: 25 April 2024)
| Security APAR | HIPER APAR | APAR | Description |
| ✓ | ✓ | IT45110 | IBM MQ CVE-2024-25048 and IBM MQ CVE-2024-25048 [CVSS base score 7.5] |
| ✓ | IT45253 | IBM MQ CVE-2023-26159 and IBM MQ Appliance CVE-2023-26159 [CVSS base score 7.1] | |
| ✓ | IT45331 | IBM MQ CVE-2024-25015 [CVSS base score 7.5] | |
| ✓ | IT45642 | IBM MQ Appliance CVE-2023-28466 [CVSS base score 6.2] | |
| ✓ | IT45643 | IBM MQ Appliance CVE-2024-0727 [CVSS base score 3.1] | |
| ✓ | IT45762 | IBM MQ CVE-2024-20952 and CVE-2023-33850 [CVSS base score 7.5] | |
| ✓ | SE81096 | IBM MQ CVE-2024-0727 and CVE-2023-6237 [CVSS base score 3.1] | |
| IT43974 | MQ IPT reports MQCPE020 and MQCPE048 messages when extending thevalue 'MAXCONNECTIONTHREADS' . | ||
| ✓ | IT45131 | Probe Id XC130004 SIGSEGV in rrmRecoClqMgrDelRemote function in amqrrmfa causes queue manager to fail | |
| IT45617 | Thirdparty component updates for cumulative security update 9.3.0.17 | ||
| IT45788 | Upgrade the JRE level for IBM MQ V9.x to Java 8.0.8.20 for AIX, Linux, and Windows | ||
| ✓ | IT45890 | IBMJCEPlusFIPS RSA FIPS 140-2 cipher suites have been removed inthe latest Java runtime shipped with IBM MQ | |
| SE81342 | MESSAGE AMQ9917 NOT DEFINED IN MQ 9.3.0.15+ ON IBM I |
IBM MQ 9.3.0.16 cumulative security update for Windows, UNIX, IBM i, IBM MQ Appliance
(Last modified: 5 March 2024)
| Security APAR | HIPER APAR | APAR | Description |
| ✓ | IT44954 | IBM MQ CVE-2023-47745 [CVSS Base score 6.2] | |
| IT45017 | Thirdparty component updates for cumulative security update 9.3.0.16 | ||
| ✓ | IT45026 | IBM MQ CVE-2024-25016 and IBM MQ Appliance CVE-2024-25016 [CVSS base score 7.5] | |
| IT45097 | MQ appliance M2002 displays Link Aggregation interface names as "illegal" after upgrading from MQ 9.2 to MQ 9.3. | ||
| IT45202 | Failure in a network interface card might cause adjacent NIC to go down incorrectly. | ||
| ✓ | IT45274 | IBM MQ CVE-2023-39976 [CVSS Base score 9.8] | |
| IT45343 | Kernel modules to enable support for RDQM on RHEL 9 kernel 5.14.0-362.18.1 |
IBM MQ 9.3.0.15 fixpack for Windows, UNIX, IBM i, IBM MQ Appliance
(Last modified: 14 December 2023)
| Security APAR | HIPER APAR | APAR | Description |
| IT38647 | SIGSEGV in MQ application within function xcsReadEnvironment under libmqe.so | ||
| IT41300 | strmqm with incorrect file permissions and ownership hangs during queue manager startup | ||
| IT42593 | IBM MQ appliance commands do not notify the user about the restart of the queue manager. | ||
| IT42974 | An MQ Managed File Transfer (MFT) agent reports a NullPointerException in its event log (output0.log) | ||
| IT43410 | IBM MQ managed .Net client connecting to queue manager fails intermittently with MQ ERROR 2195 and 2009. | ||
| IT43505 | The amqsmon sample program provide with MQ does not recognize the -qm flag. | ||
| IT43663 | A duplicate message might be intermittently generated by the queue manager on Windows | ||
| IT44089 | DISPLAY CHSTATUS(*) SAVED returned "AMQ8135E: Not authorized" for auto-defined CLUSSDR channel status records | ||
| IT44104 | IBM MQ 9.3 queue manager might crash when using QALIAS of cluster queue as STREAMQ | ||
| IT44105 | MQ Jakarta Resource Adapter references incorrect classes leadingto NoClassDefFoundError | ||
| IT44134 | IBM MQ XMS client registers extraneous files with the .NET global assembly cache | ||
| IT44173 | MQSUB fails to automatically reconnect with 2548: MQRC_RECONNECT_FAILED | ||
| IT44235 | The runmqsc program fails with SIGSEGV when unexpected data is encountered in a PCF reply message | ||
| IT44251 | Queue manager trace temporarily disables itself when trace is started with the '-m' switch | ||
| IT44261 | Restrict number of lines output from dspmqtrc saying unrecognised hookID | ||
| IT44270 | IBM MQ MFT database logger fails to connect to DB2 with SQL30082N (reason 3) if it can't access the credentials file | ||
| IT44409 | Message rejected by Qpid Proton client not handled by MQ 9.3 LTSAMQP Service | ||
| IT44410 | Queue manager fails to restart when inconsistent line endings are in an MQSC automatic configuration script | ||
| IT44412 | Enhancements to the modver utility | ||
| IT44419 | MQ Appliance might reload due to memory throttling. | ||
| IT44421 | MQ Appliance 9.3: The web console access profile builder is missing MQ related resource types. | ||
| IT44499 | MQ JAVA/JMS trace fails due to java.lang.NumberFormatException | ||
| IT44513 | dmpmqcfg on Windows might output a truncated username suffixed with an invalid character | ||
| IT44554 | Thirdparty component updates for fix pack 9.3.0.15 | ||
| IT44567 | MFT agents generate FFDCs containing a NullPointerException, and monitors stop triggering, after upgrading to 9.3.0.10 | ||
| IT44575 | MCAUSER of a requester channel shows misleading user ID in channel status when RQSTR-SVR channels are started. | ||
| ✓ | IT44589 | IBM MQ Appliance CVE-2023-4807 [CVSS Base score 6.2] | |
| IT44606 | Memory leak in IBM MQ amqrmppa process when using MQIBindType=FASTPATH | ||
| IT44717 | Allow suppression of protocol error caused by v5 Java/JMS clients | ||
| IT44786 | Removal of the IBM MQ Bridge to blockchain component | ||
| ✓ | IT44821 | IBM MQ Appliance CVE-2023-5072 and IBM MQ CVE-2023-5072 [CVSS Base score 7.5] | |
| IT44858 | MQ Appliance 9.3 LTS RBM "read" access profile for the mgmt RESTAPI is insufficient to grant read access | ||
| ✓ | IT44885 | IBM MQ Appliance CVE-2023-46177 [CVSS Base score 6.5] | |
| IT44926 | Kernel modules to enable support for RDQM on RHEL 9.3 kernel 5.14.0-362.8.1 and RHEL 8.9 kernel 4.18.0-513.5.1 | ||
| ✓ | IT44961 | IBM MQ Appliance CVE-2023-22081, CVE-2023-567 IBM MQ CVE-2023-22081, CVE-2023-5676 [CVSS Base score 5.3] | |
| SE79607 | IBM MQ MFT upgrade via SLIP install error | ||
| SE80208 | MQ FDC XC006001 XCSFREEMEMFN ON FIRST STRMQM AT V9.3 | ||
| SE80551 | IBM MQ MANAGER MAY CRASH SHORTLY AFTER STARTUP |
IBM MQ 9.3.0.11 cumulative security update for Windows, UNIX, IBM i, IBM MQ Appliance
(Last modified: 30 October 2023)
| Security APAR | HIPER APAR | APAR | Description |
| IT44059 | Thirdparty component updates for cumulative security update 9.3.0.11 | ||
| ✓ | IT44585 | IBM MQ CVE-2023-38039 [CVSS Base score 7.5] |
IBM MQ 9.3.0.10 fixpack for Windows, UNIX, IBM i, IBM MQ Appliance
(Last modified: 31 August 2023)
| Security APAR | HIPER APAR | APAR | Description |
| IT34804 | Subscription messages are delivered out of sequence when using clustered pub/sub with multiple receiver channels | ||
| IT40382 | High CPU usage for IBM MQ amqzlaa0 process | ||
| IT40928 |
Unable to put a message to a queue when using a CCSID 943 JVM using the MQ classes for Java
|
||
| IT40977 | IBM MQ create subscription fails with 'AMQ8135E: Not authorized' | ||
| IT41181 | IBM MQ web console does not display new INITKEY and KEYRPWD attributes | ||
| IT41304 | MFT system property "com.ibm.wmqfte.cred.keyfile" is misspelt as "com.ibm.wqmfte.cred.keyfile" | ||
| IT41323 | Partial repository queue manager prematurely reports AMQ9456 warning or erroneous MQRC_UNKNOWN_OBJECT (2085) | ||
| IT41430 | MQ appliance status command might incorrectly show reduced disk allocation | ||
| ✓ | ✓ | IT41871 | IBM MQ CVE-2023-45177 & IBM MQ Appliance CVE-2023-45177 [CVSS Base score 5.3] |
| IT41913 | Excessive FDC records with probe identifier XC805110 XRUQUERYCPU_QM XECL_W_PERFORMANCE_BOTTLENECK | ||
| IT41985 | The character set used in the error logs for an RDQM Queue Manager changes depending on how the queue manager is started | ||
| IT42128 | AMS protected messages lose message properties when involved with SYSTEM.PROTECTION.ERROR.QUEUE | ||
| IT42341 | Attempting to restore a queue manager from a backup created with an older version of IBM MQ fails with error AMQ6546E. | ||
| IT42462 | CRDATE and CRTIME fields of the SYSTEM.DEFAULT.SUB object are set to blank vales | ||
| IT42550 | The SYSTEM.DEFAULT.SUB object disappeared and an FDC with probe identifier KN483002 was generated. | ||
| IT42821 | XMS .NET Core applications return an invalid message payload if the message was sent by a Mainframe application | ||
| IT42851 | Memory leak in the IBM MQ amqzlaa0 process | ||
| IT43013 | Using the WebConsole to Remotely browse messages on a queue on a z/OS queue manager show nothing. | ||
| IT43016 | MQ Classes for Java throws a MQRC 2019 exception 'MQRC_HOBJ_ERROR' when attempting to close a queue | ||
| IT43044 | MQ Appliance userrestore command fails with AMQ6650E when restoring a backup file that contains a group with many users | ||
| IT43084 | A 2085 or 3015 error is received when the IBM MQ Console or other application uses the Inquire Queue administrative command | ||
| IT43183 | IBM MQ resource adapter leaks LocalServer objects if an MDB's ejbCreate() method throws an exception | ||
| IT43316 | MQOPEN incorrectly returns 2189 MQRC_CLUSTER_RESOLUTION_ERROR for a queue that is not known in the cluster | ||
| IT43336 | MQ classes for Java API throws MQRC 2111 'MQRC_SOURCE_CCSID_ERROR' when getting a message. | ||
| IT43342 | SIGFPE divide by zero in xruQueryDiskUsageVolumeGroup when RDQM volume group has zero size | ||
| IT43349 | Delay in IBM MQ 9.2/9.3 multi-instance queue manager failover/switchover | ||
| IT43514 | Third party component updates in fix pack 9.3.0.10 | ||
| IT43646 | Clustering recovery and diagnostic improvements | ||
| IT43650 | Channel fails with AMQ9620 gsk_secure_soc_init error 12 when FIPS is enabled and TLS_CHACHA20_POLY1305_SHA256 is used | ||
| ✓ | IT43654 | Qmgr might generate FDC RN189010 with rrcE_FILE_CORRUPT after applying IT42194, channel might go unresponsive with high CPU usage. | |
| IT43679 | IBM MQ REST API removes the Carriage Return (CR) character from messages. | ||
| IT43691 | MFT PBA ABENDs with IndexOutOfBoundException if SFTP server returns a filesize of -1 | ||
| IT43724 | Kernel modules to enable support for RDQM on RHEL 9.2 kernel level 5.14.0-284.11.1 | ||
| IT43740 | MQ Bridge to SalesForce reports NullPointerExceptions when reconnecting to Salesforce | ||
| IT43770 | Kernel modules to enable support for RDQM on RHEL 8.8 kernel level 4.18.0-477.10.1 | ||
| IT43783 | MQ processes and commands might fail if the qm.ini file contains unexpected character and MQ trace is enabled | ||
| IT43790 | MQ 9.2 always outputs INDOUBT(YES) in Saved channel status, even when the channel is not indoubt | ||
| IT43806 | MFT resource monitor fails to re-trigger on an item that has been successfully processed and is then manually put back | ||
| IT43854 | A MQ classes for JMS application reaches a deadlock condition when comparing MQDestination objects | ||
| IT43872 | MQ appliance generates errors related to non MQ objects(b2bp and apigw) when querying SNMP MIB | ||
| ✓ | IT43897 | IBM MQ Appliance CVE-2023-2650 (Appliance OpenSSL) [CVSS base score 7.5] | |
| ✓ | IT44043 | IBM MQ CVE-2023-21930, CVE-2023-21967, CVE-2023-21939, CVE-2023-21938 and MQ Appliance CVE-2023-21930, CVE-2023-21967 [CVSS base score 7.4] | |
| IT44111 | In the MQ web console in Spanish, rename the button for 'CLEAR QUEUE' to be 'VACIAR COLA' | ||
| IT44184 | Uninstalling mqm.web.rte fileset on AIX may report non-zero exit status error even though directory has been removed | ||
| IT44203 | The DRDB and Pacemaker Linux RPM packages in the MQ installation media have inconsistent file mode permissions | ||
| IT44268 | Following an HA reconnection, the queue manager no longer runs on the preferred node | ||
| IT44335 | Migration of IBM MQ Appliance HA queue manager from MQ 9.2 to 9.3 fails if the queue manager has been manually stopped | ||
| SE79493 | MQ logger event enabled on IBM i generates redundant logger message information | ||
| SE79541 | IBM MQ manager may crash if journal locked when AMQZMUC0 attempts CHGJRN *GEN | ||
| SE79868 | 5725A49 MQ client connection fails with 2071 AMQ9211 on 65th connection within same job | ||
| SE79913 | MQ client application failure 3452 | ||
| ✓ | SE80122 | IBM MQ CVE-2023-2650 for OpenSSL (IBM i ) [CVSS base score 7.5] |
IBM MQ 9.3.0.6 cumulative security update for Windows, UNIX, IBM i, IBM MQ Appliance
(Last modified: June 2024)
| Security APAR | HIPER APAR | APAR | Description |
| IT40694 | The runmqakm command does not report an error when the target file is not writable | ||
| IT41592 | IBM MQ might become unresponsive due to delays in its cyptographic provider | ||
| ✓ | IT42945 | IBM MQ CVE-2023-28513 and IBM MQ Appliance CVE-2023-28513 [CVSS base score 5.9] | |
| IT43039 | Thirdparty component updates for cumulative security update 9.3.0.6 | ||
| ✓ | IT43704 | IBM MQ Appliance CVE-2022-48303 [CVSS base score 7.8] | |
| ✓ | IT43717 | IBM MQ CVE-2023-24998 and IBM MQ Appliance CVE-2023-24998 [CVSS base score 7.5] | |
| ✓ | IT43802 | IBM MQ CVE-2023-32342 and IBM MQ Appliance CVE-2023-32342 [CVSS base score 7.5] |
IBM MQ 9.3.0.5 fix pack for Windows, UNIX, IBM i, IBM MQ Appliance
(Last modified: November 2023)
| Security APAR | HIPER APAR | APAR | Description |
| IT35334 | MQRC 2019 'MQRC_HOBJ_ERROR' when opening a queue using the MQ classes for Java | ||
| IT35455 | Provide feedback in the MQ error log when LDAP connection is slow | ||
| IT36231 | IBM MQ XMS exception listener is only triggered on Connection broken exceptions | ||
| IT36555 | AMQ9635 error message displays arbitrary characters at the end of the CipherSpec in the MQ queue manager error logs | ||
| IT36965 | System.NullReferenceException occurs when .Net client tries to browse multiple messages. | ||
| IT37481 | Poor performance observed with MQIPT under load when running with Trace=1 or higher in the mqipt.conf file | ||
| IT37483 | High CPU usage reported for an agent process amqzlaa0 when ending the MQ queue manager | ||
| IT37500 | FDCs with ProbeID 'CO609020' generated by queue manager for a SVRCONN channel with SHARECNV(1) | ||
| IT37842 | IBM MQ AMQP channel does not start automatically with AMQP service after upgrade | ||
| IT38618 | After applying a fix pack to a Developer Edition installation onWindows, dspmqver incorrectly reports production license | ||
| IT38726 | IBM MQ process amqzmuc0 may consume 100% CPU | ||
| IT39358 | SSL protocol exception reported by IBM MQ Java/JMS clients during TLS handshake when qmgr keystore has many certificates | ||
| IT39743 | IBM MQ process amqpcsea ended unexpectedly with insufficient diagnostics | ||
| IT39803 | XMS sample programs SimpleConsumer and SimpleProducer do not honor the SSL key repository parameter | ||
| IT40332 | amqrmppa generates FDC XC006001 from xcsFreeMemFn with error xecS_I_PRIVATE_MEMORY_ERROR and Comment "invalid head tag" | ||
| IT40337 | IBM MQ full repository queue manager reported errors AMQ9435E and 2085 (MQRC_UNKNOWN_OBJECT_NAME) | ||
| IT41426 | The runmqsc DISPLAY QMGR help text is misaligned | ||
| IT41625 | RDQM configured for both HA and DR unable to run on any node after frequent connection interruptions | ||
| IT41652 | RDQM: Unexpected failover caused by excessive sensitivity to network delays | ||
| IT41964 | IBM MQ generates corrupted file paths for .TRS files when a longMQ data path has been set | ||
| IT42294 | Broken JMS connections remain in JEE connection pools if an enterprise application registers its own ExceptionListener | ||
| ✓ | IT42322 | Native HA queue manager generates FDC with probe ID HL199020 hrcE_UNEXPECTED_ERROR | |
| IT42339 | Bad data arrived at MQ's socket in an MQ client application, butthe required FDC was not written | ||
| IT42355 | MQ classes for JMS applications become blocked while creating a JMS Session when using automatic client reconnection | ||
| IT42384 | MQ-JMS application hangs when consuming a message from a v6.0 queue manager | ||
| IT42425 | MQ Telemetry fails to start and reports an AMQXR0008E containing reason code 2059 (MQRC_Q_MGR_NOT_AVAILABLE) | ||
| IT42435 | ZLIBFAST channel compression results in failures with a JMS MessageConsumer | ||
| IT42634 | XMS .NET USES UNSAFE METHOD WHILE CREATING A THREAD IN THE SIBUSCOMPONENT. | ||
| ✓ | ✓ | IT42674 | IBM MQ CVE-2022-43919 and IBM MQ Appliance CVE-2022-43919 [CVSS base score 5.3] |
| IT42690 | MQ queue manager might report AMQ6762E(log extent corrupt) during startup | ||
| IT42798 | First failure data (FDC) records with probe OP233170 from trcFCloseFn written when MQ trace filesystem is full | ||
| IT42810 | Many ZM013000 ztmTidyUpXASessions trcE_UNEXPECTED_RM_ERROR FDCs from MQ code in application | ||
| ✓ | IT42812 | IBM MQ CVE-2023-22874 [CVSS base score 5.5] | |
| IT42942 | An additional RDQM kernel module is required for RHEL 8.7 kernel4.18.0-425.10.1 | ||
| IT43175 | Third party component updates in fix pack 9.3.0.5 | ||
| ✓ | IT43177 | IBM MQ Appliance CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2022-4450 [CVSS base scores 7.5 - 8.2] | |
| ✓ | IT43273 | IBM MQ CVE-2023-27535, CVE-2023-23916 [CVSS base scores 7.5 - 9.1] | |
| ✓ | IT43335 | IBM MQ CVE-2023-28950 [CVSS base score 5.1] | |
| ✓ | IT43377 | IBM MQ Appliance CVE-2021-46848, CVE-2022-43680, CVE-2022-40303, CVE-2022-40304 [CVSS base scores 7.5 - 9.1] | |
| ✓ | IT43381 | IBM MQ CVE-2023-26285 and IBM MQ Appliance CVE-2023-26285 [CVSS base score 5.9] | |
| IT43387 | IBM MQ Appliance incorrectly displays NFS static mount configuration page | ||
| IT43454 | Kernel modules to enable support for RDQM on RHEL 9.1 kernel level 5.14.0-162.22.2 | ||
| IT43741 | Running IBM MQ commands during installation of MQ may result in failures opening CCSID file table | ||
| PH51546 | Managed File Transfer (MFT) agent ABENDs with a B37-04 condition while transferring to a sequential data set. | ||
| SE78457 | ENDMQM looping in QUIESCING state when utility manager thread ended unexpectly | ||
| SE78759 | STRMQM failure AMQ7061I with ProbeID ZX000126 | ||
| SE78955 | ENDMQM processing error MCH3601 | ||
| SE79052 | MQGET in syncpoint return code variance | ||
| SE79341 | ENDCMTCTL CPF8355 AFTER MQ IN IBM I TRANSACTION | ||
| ✓ | SE79414 | IBM MQ CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217, CVE-2022-4304 [CVSS base score 7.5] |
IBM MQ 9.3.0.4 cumulative security update for Windows, UNIX, IBM i, IBM MQ Appliance
(Last modified: 26 February 2023)
| Security APAR | HIPER APAR | APAR | Description |
| ✓ | IT42194 | IBM MQ CVE-2022-40237 [CVSS base score 6.5] | |
| IT42761 | Thirdparty component updates for cumulative security update 9.3.0.4 | ||
| ✓ | IT43061 | Executing runmqras against an RDQM queue manager as root may cause a kernel crash |
IBM MQ 9.3.0.3 cumulative security update for Windows, UNIX, IBM i, IBM MQ Appliance
(Last modified: 26 January 2023)
| Security APAR | HIPER APAR | APAR | Description |
| ✓ | IT42724 | IBM MQ CVE-2021-37533 [CVSS base score 6.5] | |
| IT42725 | Update Apache Commons Net level to 3.9.0 for IBM MQ | ||
| ✓ | IT42853 | IBM MQ Appliance M2002 migration from 9.2 to 9.3 fails if a floating IP address is assigned to a subset of configured High Availability queue managers |
IBM MQ 9.3.0.2 fix pack for Windows, UNIX®, IBM i, IBM MQ Appliance
(Last modified: November 2023)
| Security APAR | HIPER APAR | APAR | Description |
| IT34707 | IBM MQ classes for Java generated MQSTR format messages with message properties are always encoded in CCSID 1208 | ||
| IT35513 | The IBM MQ managed .Net client does not use the certificateLabel attribute specified in a CCDT | ||
| IT35772 | The message BFGUB0068E does not reflect the error of MFT data directory doesn't have write permission | ||
| IT36749 | In IBM MQ 9.2 .Net client throws System.ArgumentException Exception when using MQGET with waitInterval | ||
| IT39332 | IBM MQ appliance sethaint command does not notify the user about queue manager restart when floating IP is added | ||
| IT39409 | IBM MQ shows incorrect status when channel status is displayed with CONNAME('IP(PORT)') | ||
| IT39850 | IBM MQ managed .NET client using uppercase certificatelabel via hashtable or MQEnvironment property fails. | ||
| IT40296 | The DISPLAY CHSTATUS command incorrectly provides output for inactive channels | ||
| IT40554 | Memory leak in IBM MQ amqzlaa0 process after MQRC_SYNCPOINT_LIMIT_REACHED is encountered | ||
| IT40838 | IBM MQ client unable to connect to an IBM MQ version 8.0 or later queue manager when using SSPI security exit | ||
| IT40956 | DISPLAY CHSTATUS for a SDR channel contained LONGRTS(0) SHORTRTS(0) but the channel had not retried many times | ||
| IT41012 | IBM MQ agent process (amqzlaa0) terminates unexpectedly in queue full scenario | ||
| IT41035 | Application terminates with FDC XC130003 due to memory exception(SIGSEGV) in TraceEntry in mqccred exit | ||
| IT41242 | MFT Audit Information can incorrectly report DESTINATION_FILE_SIZE as -1 for a recovered transfer request | ||
| IT41272 | Redistributable Java client incorrectly contains JMSAdmin tool | ||
| IT41354 | IBM MQ 9.2 client might report a memory segmentation fault when JSON format CCDT file used along with TLS | ||
| IT41391 | The endmqm command help/usage text does not list the "-t" and "-tp" options. | ||
| IT41422 | IBM MQ for Linux writes FDC from 32-bit application reporting XC035011 and errno 22 from pthread_create | ||
| IT41424 | Update the JRE to level 8.0.7.15 on AIX, Linux, Solaris, Windows, and 8.0.7.10 on HP-UX for IBM MQ | ||
| IT41479 | Update level of GSKit supplied with IBM MQ 9.3 to GSKit 8.0.55.29 | ||
| IT41482 | IBM MQ Console is missing certain attributes in the queue storage panel. | ||
| IT41530 | The dmpmqmsg utility is not able to browse an AMS-protected queue containing a message larger than 6700 bytes | ||
| IT41695 | IBM MQ Console reports MQWB2013E error containing reason code 2085 when trying to administer queues in a QSG | ||
| IT41697 | IBM MQ 9.3 XMS .Net client hangs on dispose of ISession | ||
| IT41777 | IBM MQ-RA activation specification running in non-ASF mode in WebSphere Application Server pauses prematurely | ||
| IT41811 | IBM MQ .NET applications hang during reconnection when connected to a uniform cluster. | ||
| IT41904 | FDC record with Probe ID CO373099 does not include the peer connection name in the header | ||
| IT41919 | Channels fail to start with MQRC_SSL_INITIALIZATION_ERROR (2393)when using TLS1.3 with SSLFIPS(YES) | ||
| IT42017 | Managed File Transfer (MFT) agent shuts down due to reason code 2017 when using the multiple channel functionality | ||
| ✓ | IT42021 | IBM MQ CVE-2022-34165 & IBM MQ Appliance CVE-2022-34165 [CVSS base score 5.4] | |
| IT42024 | Update the WebSphere Liberty Profile to 22.0.0.9 plus interim Fixes PH46816 and PH48810 | ||
| ✓ | ✓ | IT42098 | IBM MQ Appliance CVE-2022-1012, CVE-2021-45485, CVE-2021-45486 [CVSS base score 6.2 & 8.2] |
| ✓ | IT42100 | IBM MQ CVE-2021-2163 and IBM MQ CVE-2023-30441 and IBM MQ Appliance CVE-2023-30441 [CVSS base score 7.5] | |
| IT42142 | Error message AMQ9575 is incorrect for non-English languages | ||
| IT42173 | MQCONNX fails with MQRC_SSL_INITIALIZATION_ERROR (2393) if multiple hostnames and SSLPeerName are specified | ||
| ✓ | IT42204 | IBM MQ CVE-2022-42436 [CVSS base score 4] | |
| ✓ | IT42209 | IBM MQ CVE-2022-24839 [CVSS base score 7.5] | |
| IT42253 | Deadlock occurs if trace is enabled on a managed file transfer (MFT) 9.3.0.1 agent that has resource monitors defined | ||
| ✓ | IT42280 | IBM MQ CVE-2022-25857 [CVSS base score 7.5] | |
| IT42291 | Update the Hyperledger Fabric Gateway, Jetty and CometD for IBM MQ 9.3 LTS for the IBM MQ Bridge to Blockchain/Salesforce | ||
| IT42321 | MQ command ffstsummary.exe fails to read FDC files more than 2 GB in size | ||
| IT42324 | Update Bouncy Castle shipped by IBM MQ 9.3 LTS to version 1.72 | ||
| IT42325 | Upgrade ICU4J for IBM MQ MFT to 72.1 | ||
| IT42326 | Update JSON shipped by IBM MQ 9.3 LTS to version 20220924 | ||
| IT42327 | Upgrade the Apache qpid-proton-j level for IBM MQ to qpid-proton-j 0.34.0 | ||
| IT42328 | Update IBM Sterling c:d Application Interface for Java (CDJAI) to 1.1.0.1 | ||
| IT42330 | Update FasterXML (jackson library) to the latest version . | ||
| ✓ | IT42342 | IBM MQ CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-38752 [CVSS base score 5.3] | |
| ✓ | IT42343 | IBM MQ CVE-2022-3510, CVE-2022-3509 and IBM MQ CVE-2022-1471, CVE-2022-41854 and IBM MQ CVE-2022-3171 [CVSS base score 8.3] | |
| ✓ | IT42344 | IBM MQ CVE-2022-42004, CVE-2022-42003 [CVSS base score 6.2] | |
| IT42349 | Update level of zlib supplied with IBM MQ 9.3 LTS to 1.2.13 | ||
| IT42351 | Update level of libedit supplied with IBM MQ 9.3 LTS to 0:69:0 (20221009-3.1) | ||
| IT42386 | Update DRBD and Pacemaker packages supplied with IBM MQ 9.3 LTS | ||
| IT42418 | Update the WebSphere Liberty Profile to 22.0.0.12 | ||
| IT42420 | IBM MQ Appliance RAID battery high temperature warning can be given incorrectly at 40 degrees C | ||
| IT42444 | Updates to internal firmware components on the IBM MQ Appliance | ||
| IT42445 | Kernel modules to enable support for RDQM on RHEL 8.7 (Kernel level 4.18.0-425) | ||
| IT42456 | Update the IBM JRE to level 8.0.7.20 (AIX, Linux, Solaris, and Windows) for IBM MQ | ||
| ✓ | IT42457 | IBM MQ: CVE-2022-21626, CVE-2022-21624; IBM MQ Appliance: CVE-2022-21626 [CVSS base score 5.3] | |
| IT42527 | Update level of libcurl supplied with IBM MQ 9.3 LTS to 7.86.0 | ||
| ✓ | ✓ | IT42613 | IBM MQ: CVE-2022-43902; IBM MQ Appliance: CVE-2022-43902 [CVSS base score 6.5] |
| SE78032 | AMS reports error message incorrectly when journaling on PEM files. | ||
| SE78411 | Several IBM MQ on IBM i CL commands run with in a panel then F5 refresh causes SEGV | ||
| SE78457 | ENDMQM looping in QUIESCING state when utility manager thread ended unexpectly | ||
| SE78501 | AMQRMPPA AMQZLAA0 jobs running is wrong subsystem(QMQM) after configuration of custom subsystem | ||
| SE78600 | IBM MQ authority record not shown. | ||
| SE78659 | Command WRKMQMQSTS with *CONNAME filter may hang or crash IBM MQ queue manager. | ||
| SE78732 | IBM MQ 9.2: Queue manager fails to start across user profiles with different CCSID. | ||
| SE78810 | Update level of OpenSSL shipped with IBM MQ 9.3 LTS on IBM i to OpenSSL 3.0.7 | ||
| ✓ | SE78814 | IBM MQ CVE-2022-3602, CVE-2022-3786 [CVSS base score 7.5] |
(Last modified: 22 September 2022)
| Security APAR | HIPER APAR | APAR | Description |
| ✓ | IT33206 | IBM MQ CVE-2022-31772 [CVSS base score 5.3] | |
| IT37148 | FDCs with probe identifiers RM632001/RM632002 are generated while running an IBM MQ C client application | ||
| IT38770 | fteListMonitors can display monitor details twice if the monitor configuration is being updated when it is run | ||
| IT39231 | IBM MQ 9.2 LTS fix pack rpm installer does not correctly prohibit application to a 9.2.x CD installation | ||
| IT39802 | IBM MQ Java/JMS application appears to hang when connecting to a non-responsive queue manager | ||
| IT39919 | IBM MQ resource adapter logs large MQJCA4023 messages if an activation specification fails to connect to a queue manager | ||
| IT39972 | IBM MQ Classes for Java/IBM MQ JMS for Java with trace enabled can result in unexpected increased indentation for methods | ||
| IT40168 | fteDeleteAgent with the -f option does not remove resource monitor publications from coordination queue manager | ||
| IT40502 | Security exit user data (SCYDATA) is not passed to a security exit when using the IBM MQ classes for Java and a CCDT | ||
| IT40532 | Managed File Transfer destination agent stops and generates an ABEND file containing a java.nio.file.InvalidPathException | ||
| IT40577 | AMQP clients intermittently stop receiving messages from the IBM MQ AMQP service after upgrading to IBM MQ 9.2.0.4 | ||
| IT40648 | FDCs generated in user application with ProbeId ZT424000 from component zutLookupRelease | ||
| IT40776 | NullPointerException observed when a security exit is being called concurrently on multiple threads. | ||
| IT40791 | IBM MQ Classes for JMS - Messages are not going to the backout queue after the backout threshold is hit. | ||
| IT41229 | IBM MQ Java components incorrectly group Simplified Chinese CCSIDs936 and 1386 together as equivalent encodings | ||
| IT41233 | IBM MQ 9.3 installer incorrectly states that Windows 2016 is a valid target operating system | ||
| IT41407 | Update level of libcurl supplied with IBM MQ 9.2 and 9.3 LTS to libcurl 7.84.0 | ||
| IT41408 | Invalid queue manager name and PUTAPPLNAME in channel statisticsmessages | ||
| IT41412 | IBM MQ: JAVA.LANG.STACKOVERFLOWERROR caused by recursive function calls inside SessionWrapper. | ||
| IT41423 | Update Fabric Gateway, Jetty and CometD supplied with IBM MQ 9.3 LTS for the IBM MQ Bridge to Blockchain and Salesforce | ||
| IT41425 | Update the IBM MQ embedded WebSphere Liberty Profile to 22.0.0.6 | ||
| IT41438 | Update the JSON Java library to level 20220320 for IBM MQ | ||
| ✓ | ✓ | IT41495 | IBM MQ CVE-2022-32206 (security/integrity exposure) [CVSS base score 4.3] |
| ✓ | IT41568 | IBM MQ CVE-2022-24329 (security/integrity exposure) [CVSS base score 5.3] | |
| ✓ | IT41579 | IBM MQ CVE-2022-22476 and IBM MQ Appliance CVE-2022-22476 (security/integrity exposure) [CVSS base score 5] | |
| IT41589 | Update the IBM MQ embedded Websphere Liberty Server to 22.0.0.6 plus APAR PH48187 | ||
| IT41599 | Update DRBD packages supplied with IBM MQ 9.3 LTS | ||
| IT41602 | Update level of JSON-C supplied with IBM MQ 9.3 LTS to 0.16-20220414 | ||
| IT41603 | Deadlock occurs if a Managed File Transfer (MFT) agent that has resource monitors defined is started with trace enabled | ||
| IT41647 | IBM MQ generates FDC with probe identifier RM040001 and error code zrcI_NOT_FOUND from rriFreeSess function | ||
| ✓ | IT41682 | IBM MQ Appliance CVE-2022-32750 [CVSS base score 5.4], IBM MQ Appliance CVE-2022-31774 [CVSS base score 5.4] & IBM MQ Appliance CVE-2022-31775 [CVSS base score 5.5] | |
| IT41962 | IBM MQ Appliance Web UI displays 'admin' as the logged in user | ||
| ✓ | IT41997 | IBM MQ Appliance CVE-2022-40230 (security/integrity exposure) [CVSS base score 5] | |
| SE78246 | Update OpenSSL to 3.0. | ||
| SE78285 | AMQRSSLC creates stash file with incorrect name if .kdb extension specified. |
[{"Type":"MASTER","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"ARM Category":[{"code":"a8m0z00000008MGAAY","label":"Install"}],"Platform":[{"code":"PF002","label":"AIX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"9.3.0"}]
Was this topic helpful?
Document Information
Modified date:
26 June 2024
UID
ibm16695813