APAR status
Closed as program error.
Error description
Error Message: The Cipher.update() is not copy safe for some algorithms(For example AES and DES). The unprocessed input gets overwritten by the output if the input and output point to the same array and there is overlaps between the input and output. . Stack Trace: N/A . According to Java documentation, Cipher.update() should be copy safe. See below:"Note: this method should be copy-safe, which means the input and output buffers can reference the same byte array and no unprocessed input data is overwritten when the result is copied into the output buffer."
Local fix
N/A
Problem summary
JCE Cipher.update() is not copy safe
Problem conclusion
The fix has been applied to all affected algorithms.The associated RTC PR is 73380The associated Austin CMVC defect is 116131The associated Hursley CMVC defect is 202561The associated Austin APAR is IV68657JVMs affected : Java 5.0, Java 6.0, Java 6.1, Java 7.0, Java 7.1he fix was delivered for Java 5.0 SR16FP9, Java 6.0 SR16FP3, Java 6.1 SR8FP3, Java 7.0 SR8FP10, Java 7.1 SR2FP10The affected jar is "ibmjceprovider.jar".The build level of this jar for the affected releases is "20141125" . This APAR will be fixed in the following Java Releases: 6 R1 SR8 FP3 (6.1.8.3) 5.0 SR16 FP9 (5.0.16.9) 6 SR16 FP3 (6.0.16.3) 7 SR8 FP10 (7.0.8.10) 7 R1 SR2 FP10 (7.1.2.10) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Temporary fix
Comments
APAR Information
APAR number
IV68753
Reported component name
SECURITY
Reported component ID
620700125
Reported release
260
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-01-20
Closed date
2015-01-20
Last modified date
2015-01-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SECURITY
Fixed component ID
620700125
Applicable component levels
R260 PSY
UP
R600 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSNVBF","label":"Runtimes for Java Technology"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"260","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]
Document Information
Modified date:
07 December 2020