aix ibm patch level and remaining support lifecycle

Can anyone explain how out of date the following software levels for AIX IBM are: (returned from oslevel –s) (returned from oslevel –s)
Also is it the same as MS software whereby products are only patched if at a certain release level or service pack level, subsequently, are these products still under support, and for how long, or if they are out of support, when did they go out of support? Especially interested for the older version (5.3) which I think is now about 10 years old since it was first released…
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave GouldOnsite SupportCommented:
Check this thread out:

It contains a link to IBM Fix central that is very useful for AIX admins.

Here is an extraction from AIX/5.3/Best Practices -- Upgrading from AIX 5.3 to 7.1:

Why Should I Upgrade to AIX 7.1?
The answer to this question will vary by customer, but one of the main reasons is AIX 5.3 will no longer be supported after April, 2012, unless an extended service agreement is purchased.
oslevel -s should show a bit more than just "", even with an old AIX 5.3.

The basic format of the output is

<version/release>-<maintenance/technology level>-<service pack level>-<service pack date>

e.g. "5300-12-04-1119"

The last value tells you how old your OS really is, "1119" means "week # 19 of year 2011"

You can see the software lifecycle of a base product  here:

AIX 5.3 had a general availability date of "13-Aug-2004" and an end of support date of "30-Apr-2012", regardless of the installed maintenance or patch level.

AIX 6.1 had a general availability date of "12-Sep-2008" (Enterprise Edition) and is still under support.

End of support means that you can't open PMRs anymore, it does not necessarily mean that there will be no more Fix packs!

A Technology level update (formerly "Maintenance level) is issued once or twice a year and contains new functions and features along with the normal bugfixing, a Service pack contains fixes for problems that are critical and can't wait until the next TL.

Attention: Service Packs are cumulative, but Technology Level updates are not!

The lifecycles of given technology levels / service packs can be viewed at Fix Central:

Select Product Group: "IBM Operating Systems", select from IBM Operating Systems: "AIX", select Version: 5.3 (or 6.1), select Fix type: Fix Packs, click Continue.

At the bottom of the following page there is a chart showing the lifecycles of MLs/TLs and SPs.

The page also contains references to all MLs/TLs/SPs issued so far including download links, with the latest (newest) showing at the top.

As you will see, the latest TL for AIX 5.3 is  5300-12-00-1015  which means: TL # 12 as of week # 15 of 2010, and the latest SP for this TL is  5300-12-08-1316 which means: SP # 8 for TL # 12 as of week # 16 of 2013 (they often ship Fix packs after end-of service).

The latest TL for AIX 6.1 is  6100-09-00-1341, which means: TL # 9 as of week # 41 of 2013, and the latest SP for this TL is  6100-09-01-1341 which means: SP # 1 for TL # 9 as of week # 41 of 2013 (TL and SP were shipped at the same time).

This is IBM'S presentation of their AIX service strategy, explaning the used technical terms and the general AIX service concept:

Here's another paper dealing with AIX update strategies, containing short hands-on instructions how to deal with TLs and SPs:

By the way, didn't we talk about the same topic in an earlier thread?


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
We did indeed (but I must confess the response was a little overwhelming), however I hoped it would be easier to digest if I had a build number to discuss. And that is definately all the output from that command. So makes it hard to again digest the service pack date as all it says is "0"

I was hoping from the build numbers provided you could say its missing 2 service packs and endless security patches.
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

pma111Author Commented:
or could the ".0.0" indicate no service packs have ever been applied since the server was provisioned? Are service packs the same as microsoft, or do they essentially represent "bundles" of patches, because on MS you have say 2/3 service packs per lifecycle, but endless security patches in between those service packs.
>> the ".0.0" indicate no service packs have ever been applied <<

Yes, if that's indeed the output of oslevel -s then there wasn't any maintenance level (let alone service pack) applied ever.

Moreover, you're on a level which didn't yet know about build dates or service packs. This was the case with AIX 5.3 before maintenance level 1, means: with the very, very first 5.3 shipment. As far as I know this shipment was accompanied by a second CD set containing required maintenance (i.e. ML 1). Seems you didn't even install this accompanying service (a real malpractice, by the way).

You can check with

instfix -i | grep AIX_ML

if your system knows about any maintenance levels besides "", but I really don't think so.


instfix -i | grep "SP "

to check for service packs.

>> you could say its missing 2 service packs and endless security patches.  <<

No need to ponder on this. It's not missing some selected service packs, it's missing all service packs!

To get this system to a somewhat reliable state you will have to install all MLs/TLs, from "1" to let's say "12" - one after the other with no intervening gaps allowed (remember, MLs/TLs are not cumulative!)

Your 6.1 doesn't look any better. It's also the initial release. Here, too, we had a "required maintenance" CD in the shipment (TL 0 !), which had to be applied immediately after
installation (thus the term "required maintenance").

Didn't you ever use your machines for production?

What Microsoft call "Service Pack" is a "Technology Level" in AIX. Intermediate patches are bundled to "Service Packs", and urgent security fixes are called "Emergency Fix" and are handled separately (There is a selection option for these in Fix Central).

"instfix -i | grep AIX_ML" on a "recent" AIX 5.3 must look like this:
    All filesets for were found.
    All filesets for 5300-01_AIX_ML were found.
    All filesets for 5300-02_AIX_ML were found.
    All filesets for 5300-03_AIX_ML were found.
    All filesets for 5300-04_AIX_ML were found.
    All filesets for 5300-05_AIX_ML were found.
    All filesets for 5300-06_AIX_ML were found.
    All filesets for 5300-07_AIX_ML were found.
    All filesets for 5300-08_AIX_ML were found.
    All filesets for 5300-09_AIX_ML were found.
    All filesets for 5300-10_AIX_ML were found.
    All filesets for 5300-11_AIX_ML were found.
    All filesets for 5300-12_AIX_ML were found.
I assume your system will show
All filesets for were found.
"instfix -i | grep AIX_ML" on a "recent" AIX 6.1 must look like this:
    All filesets for 6100-00_AIX_ML were found.
    All filesets for 6100-01_AIX_ML were found.
    All filesets for 6100-02_AIX_ML were found.
    All filesets for 6100-03_AIX_ML were found.
    All filesets for 6100-04_AIX_ML were found.
    All filesets for 6100-05_AIX_ML were found.
    All filesets for 6100-06_AIX_ML were found.
    All filesets for 6100-07_AIX_ML were found.
    All filesets for 6100-08_AIX_ML were found.
    All filesets for 6100-09_AIX_ML were found.
    All filesets for were found.
I assume your system will show
All filesets for were found.

pma111Author Commented:
thanks again. Aside from the obvious security related issues in not applying service packs and technology levels, what other risks are posed by not keeping the system up to date? We work in risk as opposed to IT but some examples of risks posed by not applying updates would be most useful in trying to convince IT to review their current procedures in this area.
pma111Author Commented:
i'll try those commands tomorrow
pma111Author Commented:
and do IBM only release patches to AIX IBM systems if they are at a given technology level? And if so where can you see which technology level is supported. for example older service packs of windows server wont be eligible for new patches, therefore staying on an old SP is a security issue in itself.
AIX TLs usually contain new features, performance or usability improvements - why forego something you paid for?

Some examples of risks?

Well, no software is error free. "Every non trivial program has at least one bug" (Murphy's computer law #8).

I saw an AIX 5.3 run for months until all of a sudden the init process began to eat up all CPU. I saw a memory leak in syncd, which didn't show up before the process had run for half a year. I saw NFS mounts break due to some (allowed) change in the network - consequence of an OS bug.

There are many such more or less important bugs in every OS, where some people never get punched with and some people get affected immediately or maybe after months - it's all a matter of fine-grain configuration/workload/infrastructure differences etc.

Better stay on the bright side and apply at least the TL updates.

Apply SPs if you're directed by IBM to do so in order to fix an issue on your side, or if new software requires a certain SP level - or if there's spare time, of course.

Stay informed on the availability of security patches, apply them if you think you're affected.

IBM have a notification system for security bulletins, but also for regular updates, hints and tips and more:

(IBM ID required)

Try it, you'll be astonished at the amount of activity shown at good ol' Big Blue.
To your last question:

>> do IBM only release patches to AIX IBM systems if they are at a given technology level? <<

Well, I tried to explain just such things above, but it seems that I can't phrase them clearly enough, sorry.
So I'd really be glad if you could actually study the publications about IBM's service/update strategy whose links I posted.
They're really informative and maybe you'll find more and better answers there.
But, of course, don't hesitate to ask for more assistance  if the mentioned information doesn't seem sufficient anyway.
pma111Author Commented:
just to wrap up, if your version says is this build completely irrelevant of security patches? or would security patches be included in the service packs, therefore if SP's are missing, your missing security patches?

There are emergency fixes which would fit into several levels. There is no way around reading the patch descriptions in such a case.

SPs belong to a particular TL. So if you're on TL 0 (i.e. no TL applied) you can only install SPs for TL 0, if you're on TL 1 you can only install SPs for TL 1, if you're on TL 2 you can only install SPs for TL 2 ...

Moreover, if you just went to let's say TL 2 and want to install an SP for this level but you have already installed an SP while still on TL 1 with a higher build date than the one for TL 2 you cannot install this SP for TL 2, to avoid possible regressions. This is a rare case, but it happens. And in almost every case there is already a higher SP available which you can use.

If SPs are missing you're missing security patches - yes, at least in most cases. I can't remember an SP which didn't contain security patches, but it's a remote possibility nonetheless.
Did you notice that the link posted by "trappa01" points to one of my EE contributions, which, moreover, was an answer to one of your previous questions?

Rating my solution as "assisted" hence seems a bit strange, to say the least.
Dave GouldOnsite SupportCommented:
As much as I appreciate the points, I must admit that woolmilkpork is right.
Having said that, I have spent ages helping other people out only to find that the points were given to somebody else that merely repeated what I said.
If there is a way to redistribute, then I have no qualms about losing the points I gained on this question.

I don't care too much for the points, but I think "assisted" is just an inappropriate rating here.

Let's wait a bit, perhaps pma111 has something to say ...
pma111Author Commented:
sorry geniune mistake, how can I reassign the points?
Please click "Request Attention" and explain your concern!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.