IJ07855: FOR IBMJCEPLUS AND IBMJCEPLUSFIPS PROVIDERS, THE DEPENDENT LIBRARY 'IBM CRYPTO FOR C MODULE' HAS BEEN UPGRADED.
Closed as program error.
Error Message: N/A . Stack Trace: N/A . N/A
For IBMJCEPlus and IBMJCEPlusFIPS providers, the dependent library 'IBM Crypto for C module' has been upgraded.
For IBMJCEPlus and IBMJCEPlusFIPS providers, the dependent library 'IBM Crypto for C module' has been upgraded. The dependent library for IBMJCEPlus provider has been upgraded from version 184.108.40.206 to 220.127.116.11 The dependent library for IBMJCEPlusFIPS provider has been upgraded from version 18.104.22.168 to 22.214.171.124 The upgrade fixes three Common Vulnerabilities and Exposures(CVE) and extends the sunset date for FIPS 140-2 certification. FIPS 140-2 certification: The IBM Crypto for C module, version 126.96.36.199, is now FIPS 140-2 certified till 11/13/2022 and the new certificate is available at the URL https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-P rogram/Certificate/3064 The new version of the underlying native library used by IBMJCEPlus and IBMJCEPlusFIPS added support for some algorithms, which are not yet supported by IBMJCEPlus and IBMJCEPlusFIPS. These are: RSA-PSS algorithm for digital signature and verification. HMAC-SHA3 algorithms for message authentication code. SHA3 algorithms for creating message digests. AES-CTR algorithm for data encryption and decryption. Refer to the IBM SDK documentation for further details. Common Vulnerabilities and Exposures: The upgrade fixes three CVEs and the conditions under which the vulnerabilities are applicable are listed below. Performing DSA key operations with either IBMJCEPlus or IBMJCEPlusFIPS providers will require applying the upgrade to fix the vulnerability CVE-2016-0705. CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. CVSS Base Score: 3.7 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111140 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Performing RSA, DSA operations with either IBMJCEPlus or IBMJCEPlusFIPS providers, on a 64 bit Windows platform, will require applying the upgrade to fix the vulnerabilities CVE-2017-3732 and CVE-2017-3736. CVEID: CVE-2017-3732 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121313 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. CVSS Base Score: 5.9 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134397 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) The associated Hursley RTC Problem Report is: 138002 JVMs affected: Java 8.0 The fix was delivered for Java 8 SR5 FP20 The upgrade does not require any changes to IBMJCEPlus.jar. The build level of this jar for the affected releases is - NA . This APAR will be fixed in the following Java Releases: 8 SR5 FP20 (188.8.131.52) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Reported component name
Reported component ID
NoSpecatt / Xsystem
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
Fixed component ID