Jun 21, 1999 OldVersion.com provides free. software downloads for old versions of programs, drivers and games. So why not downgrade to the version you love? Because newer is not always bett. Java (64-bit) is a Freeware software in the category Web Development developed by Oracle. It was checked for updates 1,257 times by the users of our client application UpdateStar during the last month. The latest version of Java (64-bit) is 10.0.2.0, released on. It was initially added to our database on. Java(TM) SE Runtime Environment for Windows 64-bit v8 update 45 (Latest stable version) 15 Apr 2015 Java(TM) SE Runtime Environment for Windows 64-bit v8 update 40 04 Mar 2015 Java(TM) SE Runtime Environment for Windows 64-bit v8 update 31 21 Jan 2015. Java 6.0 Support Ended September 30, 2017. Archived images are available from Fix Central for Java6 32-bit and Java 6 64-bit. Jump to section: ( References).
Question & Answer
Question
IBM Java for AIX Reference: CVE-2017-1541: Details and Special Handling for IBM Java Version 6.0 for AIX
Answer
CVE Details
ID: CVE-2017-1541
ABSTRACT: DESCRIPTION: A flaw in the AIX JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly.
** Important Notice To Users **
Reviewing, understanding, and following the instructions on this page will result in the quickest resolution to your situation.
Not following these instructions and simply opening a support call may delay the resolution of your situation, as the support team will have to confirm that the instructions on this page have been reviewed and followed.
For IBM Java Version 6.0 for AIX (applies to both 32-bit and 64-bit architectures), for select installp and updatep download images, a packaging flaw prevented the installation of updates to the existing Java security files.
Details can be obtained by referring to either of the following webpages specific to this security vulnerability (a.k.a., CVE):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1541
This CVE is also mentioned in the IBM Java July 2017 Security Advisory. This advisory can be accessed using one of the following URLs:
http://aix.software.ibm.com/aix/efixes/security/java_july2017_advisory.asc
https://aix.software.ibm.com/aix/efixes/security/java_july2017_advisory.asc
ftp://aix.software.ibm.com/aix/efixes/security/java_july2017_advisory.asc
This security vulnerability impacts all IBM Java Version 6.0 for AIX (applies to both 32-bit and 64-bit)installp and updatep images between these two releases:
Starting release:
IBM Java 6.0 ServiceRefresh 8 (e.g., SR8)
AIX lslpp level: 6.0.0.200
(e.g., lslpp -hac | grep -i java6)
Java build level: pap3260sr8-20100409_01
(e.g., /usr/java6/jre/bin/java -version or /usr/java6_64/jre/bin/java -version)
Ending release:
IBM Java 6.0 ServiceRefresh 16 FixPack 45 (e.g., SR16 FP45)
AIX lslpp level : 6.0.0.645
(e.g., lslpp -hac | grep -i java6)
Java build level : pap3260sr16fp45-20170420_03
(e.g., /usr/java6/jre/bin/java -version or /usr/java6_64/jre/bin/java -version)
Only the installp and updatep (e.g., IV##### or IZ#####) files are impacted.
When viewing other files, included within the same fix packages for each IBM Java 6.0 Version release, whose filenames contain references to InstallAnywhere, redist, sdk.tar.Z are NOT impacted by this CVE. It is safe to download and install these files.
Furthermore, all IBM Java 7 versions and newer (e.g., IBM Java 7.0, IBM Java 7.1, and IBM Java 8.0, etc) are not impacted. It is safe to download and install the installp and updatep files for these versions.
To obtain the updated Java security files for each of the impacted IBM Java Version 6.0 Service Refresh levels, refer to the sections below.
IBM apologizes for the inconvenience this may have introduced to our customers.
To eliminate further risks to the client's system, IBM has built efix images for the security vulnerability CVE-2017-1541 , validated the security vulnerability is resolved, and made the efix available for the impacted IBM Java Version 6.0 Service Refresh (SR) installations.
** Important Notice **
It is strongly recommended that any existing IBM Java Version 6.0 installation and configuration files be backed up prior to applying any upgrade or efix. Not backing up the existing installation and configuration files could result in a significant loss of service and down time for business critical applications.
Outlined below are the key scenarios along with the instructions for applying the security vulnerability efix for that scenarilo. Identify the scenario that best fits your situation, then click on the link (or scroll down) to view, read, and follow the instructions for that scenario.
a. Install a new IBM Java Version 6.0 with security efix
IBM Java Version 6.0 is not currently installed on the AIX system (e.g., there is no /usr/java6 or /usr/java6_64 directories).
b. Change (e.g., upgrade or downgrade) an existing IBM Java Version 6.0
IBM Java Version 6.0 is already installed (e.g., there is a /usr/java6 and/or /usr/java6_64 directory) and you need to downgrade or upgrade to a different IBM Java Version 6.0 release (e.g., Service Refresh or SR).
When reading the sections below, for any references to the IBM Java download page or CVE-2017-1541 security fix, refer to webpage:
IBM Java for AIX Reference: Service Information and Download Guide
In the IBM Java download page, for IBM Java Version 6.0, each impacted Service Refresh section has the following three hyperlinks on the left side of the page:
1. Required README
Click this link to view this technote for instructions to install the security efix for the applicable scenario.
2. SERVICE_REFRESH
Click this link to download the installp file for the desired IBM Java Version 6.0 Service Refresh release.
where SERVICE-REFRESH denotes the Service Refresh label or name. For example,
SR16FP45
SR16FP5 + Logjam ifx
SR8
3. CVE-2017-1541
Click this link to download the efix for the CVE-2017-1541 security vulnerability for the desired IBM Java Version 6.0 Service Refresh release.
To assist in detemining the applicable scenario, follow these instructions to identify if the IBM Java Version 6.0 already exists on the system and the current release level.
Step 1. Determine whether IBM Java Version 6.0 32-bit, IBM Java Version 6.0 64-bit, or both have been installed on your system.
a. Determine if IBM Java Version 6.0 32-bit is installed by running these commands:
# lslpp -hac | grep -i java6
.........
/usr/lib/objrepos:IBM Java Version 6.0_64.sdk:6.0.0.641::APPLY:COMPLETE:09/13/17:13;02;07
/etc/objrepos:IBM Java Version 6.0.sdk:6.0.0.425::COMMIT:COMPLETE:10/07/16:08;49;41
/etc/objrepos:IBM Java Version 6.0.sdk:6.0.0.425::APPLY:COMPLETE:10/07/16:08;49;41
........
a. Determine if IBM Java Version 6.0 64-bit is installed by running these commands:
# lslpp -hac | grep -i java6_64
......
/etc/objrepos:IBM Java Version 6.0_64.sdk:6.0.0.641::APPLY:COMPLETE:09/13/17:13;02;51
/etc/objrepos:IBM Java Version 6.0_64.sdk:6.0.0.645::APPLY:COMPLETE:09/13/17:13;10;04
/etc/objrepos:IBM Java Version 6.0_64.sdk:6.0.0.641::COMMIT:COMPLETE:09/13/17:13;02;51
/usr/lib/objrepos:IBM Java Version 6.0_64.sdk:6.0.0.645::APPLY:COMPLETE:09/13/17:13;08;25
....
To verify if a IBM Java Version 6.0 release or Service Refresh was installed in Apply mode, run the following command:
# lslpp -ha
If the release was installed inApplymode, the Action column in the command output for that fileset should show as APPLY without any COMMIT for the same fileset.
In the Example below, IBM Java Version 6.0_64.sdk fileset 6.0.0.645 was installed in 'APPLY' mode and the fileset '6.0.0.641' was installed in 'COMMIT' mode. So, the fileset '6.0.0.645' can be rejected to downgrade Java Version 6.0 Service Refesh to Java fileset level '6.0.0.641'.
Fileset Level Action Status Date Time
----------------------------------------------------------------------------
Path: /usr/lib/objrepos
........
IBM Java Version 6.0_64.sdk
6.0.0.641 COMMIT COMPLETE 09/13/17 13:02:07
6.0.0.641 APPLY COMPLETE 09/13/17 13:02:07
6.0.0.645 APPLY COMPLETE 09/13/17 13:08:10
.......
Step 2. Determine the exact build or release of IBM Java Version 6.0 installed
a. For IBM Java Version 6.0 32-bit, run the command:
# /usr/java6/jre/bin/java -version
b. For IBM Java Version 6.0 64-bit, run the command
# /usr/java6_64/jre/bin/java -version
Below is a sample of the type of output from the above commands:
java version '1.6.0'
Java(TM) SE Runtime Environment (build pap6460sr16fp45-20170502_01(SR16 FP45))
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 AIX ppc64-64 jvmap6460sr16fp45-20170407_343279 (JIT enabled, AOT enabled)
J9VM - 20170407_343279
JIT - r9_20170407_343279
GC - GA24_IBM Java Version 6.0_SR16_20170407_1127_B343279)
JCL - 20170420_01
This section contains step-by-step instructions for the installation and removal of the efix the CVE-2017-1541 security vulnerability. It is important to read, understand, and follow these instructions. Failure to follow the instructions may result in a signficant loss of service and down time for the business critical applications.
#1. Understanding the impacted Java security files.
While reviewing the instructions, it is important to understand the location of the Java security files that are impacted by this security vulnerability. Applications will typically reference the Java security files using the following path and filename references:
IBM Java Version 6.0 32-bit:
/usr/java6/jre/lib/security/java.security
/usr/java6/jre/lib/security/java.policy
/usr/java6/jre/lib/security/javaws.security
IBM Java Version 6.0 64-bit:
/usr/java6_64/jre/lib/security/java.security
/usr/java6_64/jre/lib/security/java.policy
/usr/java6_64/jre/lib/security/javaws.security
The above file references are symbolic links to the actual files located in the /etc/java6/jre/lib/security (32-bit), and /etc/java6_64/jre/lib/security (64-bit) directories, respectively.
#2. Backing up existing Java security files prior to the installation of the efix.
Prior to installation of the efix, the Java security files for the existing Java install are automatically saved to directory:
/usr/emgrdata/efixdata/EFIX-LABEL/save
where EFIX-LABEL refers to the efix name (e.g., 'J664S16F45' for 64-bit IBM Java Version 6.0 SR16FP45).
There can be up to 3 Java security files (java.security, java.policy, javaws.policy) impacted as a result of this security vulnerability. Not all Java security files are impacted at each IBM Java Version 6.0 Service Refresh release. Only the impacted Java security files will be automatically backed up. Therefore, it is strongly recommended that all files be manually backed up prior to the installation of this security efix.
Each Java security file automatically backed up during the efix installation will be named using EFSAVE# (where # is a sequence number 1, 2, or 3):
/usr/emgrdata/efixdata/EFIX-LABEL/save/EFSAVE1
/usr/emgrdata/efixdata/EFIX-LABEL/save/EFSAVE2
/usr/emgrdata/efixdata/EFIX-LABEL/save/EFSAVE3
It is up to the user to view each EFSAVE# file content to check the file association with java.security, java.policy, or javaws.policy file.
Once the existing Java security files are saved, the efix will install and overwrite these existing Java security files with the corrected Java security files for that release. At this point, it will be the responsibility of the application vendor or development team to migrate any customized settings from the original copy of the files (e.g., EFSAVE1, EFSAVE2, etc) to the newly installed files (e.g., java.security, java.policy, etc)..
#3. Confirming the efix for CVE-2017-1541 security vulnerability is already installed.
a. To confirm that the efix for CVE-2017-1541 security vulnerability is already installed, run the commands:
# emgr -l | grep -i java
A sample output when the efix has been installed:
ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
1 S J664164545 09/11/17 13:35:43 eFix for IBM Java Version 6.0_64 SR16FP45 - SR16FP45
.............
A sample output when efix has not been installed:
There is no efix data on this system.
b. To confirm the list and location of the Java security files included with the efix, run the commands:
# emgr -lv3 | grep -i 'java.*'
A sample output when the efix has been installed:
LOCATION: /etc/java6_64/jre/lib/security/java.security
LOCATION: /etc/java6_64/jre/lib/security/java.policy
LOCATION: /etc/java6_64/jre/lib/security/javaws.policy
#4. Backing up Java security files before removal of the efix.
When the efix is removed, the saved Java security files (e.g., EFSAVE1, EFSAVE2, etc) and the directory containing those files (e.g.,/usr/emgrdata/efixdata/EFIX-LABEL/save) will be removed.
It is strongly recommend that all existing and saved Java security files be backed prior to removal of the efix. Not backing up the existing files may result in a loss of service and down time for business critical applications.
The following commands can be used to make backup copies of the existing files:
a. IBM Java Version 6.0 32-bit (replace EFIX-LABEL with the label for that installed efix)
# mkdir -p /etc/java6/jre/lib/security/EFIX-LABEL
# cd /etc/java6/jre/lib/security
# cp java.security java.policy javaws.policyEFIX-LABEL
# cp /usr/emgrdata/efixdata/EFIX-LABEL/save/EF*EFIX-LABEL
b. IBM Java Version 6.0 64-bit (replace EFIX-LABEL with the label for that installed efix)
# mkdir -p /etc/java6/jre/lib/security/EFIX-LABEL
# cd /etc/java6/jre/lib/security
# cp java.security java.policy javaws.policyEFIX-LABEL
# cp /usr/emgrdata/efixdata/EFIX-LABEL/save/EF*EFIX-LABEL
For all new installations of an impacted IBM Java Version 6.0 release (see Impact section above for details), follow these step-by-step procedures to install the desired Service Refresh release including the efix.
Step 1. Thoroughly read and understand the above sections:
Verify IBM Java Versoin 6.0 Installation
Considerations for the CVE-2017-1541 efix
Step 2. Download the install image and the efix from the IBM Java for AIX Reference: Service Information and Download Guide webpage.
a. On a download webpage, navigate (or search) to the desired IBM Java Version 6.0 release (Service Refresh) level.
b.. Under the 'Download' column for the desired release, click on the 'SERVICE-REFRESH' link (e.g., SR16FP45) to download the install image.
c. Under the install image link, click the link for 'CVE-2017-1541' for that release to download the efix.
Step 3. Install the files
a. For complete instructions for installing the image, please refer to the following webpage:
IBM Java for AIX HowTo: Install or upgrade IBM Java to a specific release (e.g., Service Refresh or Fix Pack)
b. After the Java install image has been applied, install the efix for this release by running the command:
# emgr -e EFIX-PACKAGE-FILENAME
For example:
# emgr -e J664164545.170905.epkg.Z
Step 4. Confirm efix installation
Refer to the above Considerations for the CVE-2017-1541 efix section to confirm the efix has been successfully installed and to identify the location of the Java security files.
For an existing IBM Java Version 6.0 installation that needs either upgraded to a more recent release or downgraded to an older release, perform the following steps.
Step 1. Thoroughly read and understand the above sections:
Verify IBM Java Version 6.0 Installation
Considerations for the CVE-2017-1541 efix
Step 2. Backup all existing Java security files
a. Follow the instructions in the section Considerations for the CVE-2017-1541 efix to backup all existing Java security files.
Step 3. If applicable, remove the existing CVE-2017-1541 security vulnerability efix
a. Read the section Considerations for the CVE-2017-1541 efix to confirm there is an existing CVE-2017-1541 efix installed and to ensure that all existing Java security files are backed up prior to the removal.
b. Uninstall the existing efix by running the following commands:
# emgr -r -L EFIX-PACKAGE-NAME
Example:
# emgr -r -L J632S10S11 --- for package name: J632S10S11.170905.epkg.Z
Step 4. Confirm efix removal
Refer to the above Considerations for the CVE-2017-1541 efix section to confirm the efix has been successfully removed and to identify the location of the backed up Java security files.
Step 5. For both downgrading and upgrading IBM Java Version 6.0 to another release, perform these steps:
a. Follow the instructions in the IBM Java for AIX HowTo: Install, Upgrade, or Downgrade IBM Java webpage.
Step 6. If the efix is reqiured, download and install the efix from the IBM Java for AIX Reference: Service Information and Download Guide webpage.
a. On a download webpage, navigate (or search) to the desired IBM Java Version 6.0 release (Service Refresh) level.
b. Under the 'Download' column for the desired release, click the link for 'CVE-2017-1541' for that release.
c. Install the efix by running the command:
# emgr -e EFIX-PACKAGE-FILENAME
For example:
# emgr -e J664164545.170905.epkg.Z
Step 7. Confirm efix installation
If the efix was installed in Step 6 above, refer to the above Considerations for the CVE-2017-1541 efixsection to confirm the efix has been successfully installed and to identify the location of the Java security files.
For upgrading either of the existing Service Refreshes below:
a. Service Refresh without CVE-2017-1541 security vulnerability
b. Service Refresh with security vulnerability CVE-2017-1541 but without the security fix,
to one of the later Service Refreshes with security vulnerability listed in the 'impact' section above, follow instructions below.
1. Backup existing security files:
/etc/JAVA/jre/lib/security/java.security
/etc/JAVA/jre/lib/security/java.policy
/etc/JAVA/jre/lib/security/javaws.policy
2. At the IBM Java download page, go to the section for the Service Refresh with security vulnerability the existing Service Refresh will be upgraded to.
3. Under the 'Download' column, click 'SERVICE-REFRESH' to download the Service Refresh image.
For Example:
to installSERVICE-REFRESH SR16 FP45, in the 'Download' column, click on: 'SR16FP45' or 'SR16FP4 + Logjam fix'
4. For help with downloading and installing the Service refresh, refer to :
IBM Java for AIX HowTo: Install or upgrade IBM Java to a specific release (e.g., Service Refresh or Fix Pack)
5. Verify the installed Service Refresh:
# JAVA-INSTALL/jre/bin/java -version
Output should show the upgraded Service Refresh (SR) number.
6. Download the security fix by clicking 'CVE-2017-1541' in the upgraded Service Refresh (SR) section.
7. Install the efix:
# emgr -e EFIX-PACKAGE-NAME
for example:
# emgr -e /tmp/J632S10S11.170905.epkg.Z
8. Refer to 'efix Process' section to verify efix install, for the files backed up and their location.
9. Merge any configuration changes from the pre Service Refresh upgrade saved files from Step 1 above to the efix installed security files:
/etc/JAVA/jre/lib/security/java.security
/etc/JAVA/jre/lib/security/java.policy
/etc/JAVA/jre/lib/security/javaws.policy
For upgrading existing Service Refresh with the CVE-2017-1541 security fix to one of the higher Service Refreshes, follow the instructions below.
1. Refer to 'efix Remove' in 'efix Process' section above to backup files.
2. Remove the efix install:
# emgr -r -LEFIX-PACKAGE-NAME
Example:
#emgr -r -L J632S10S11 --- for package name: J632S10S11.170905.epkg.Z
3. At the IBM Java download page, go to the section for the Service Refresh the existing Service Refresh will be upgraded to.
4. Under the 'Download' column, click 'SERVICE-REFRESH' to download the Service Refresh image.
For Example:
to installSERVICE-REFRESH SR16 FP45, in the 'Download' column, click on: 'SR16FP45' or 'SR16FP4 + Logjam fix'
5. For help with downloading and installing the Service refresh, refer to:
IBM Java for AIX HowTo: Install or upgrade IBM Java to a specific release (e.g., Service Refresh or Fix Pack)
6. Verify the Service Refresh install:
# JAVA-INSTALL/jre/bin/java -version
where JAVA-INSTALL for 32-bit, for example is '/usr/java6' and for 64-bit, for example is '/usr/java6_64'
Output should show the upgraded Service Refresh (SR) number.
7. Refer to the 'Impact' section above, to check if the upgraded Service Refresh has security vulnerability.
Download the CVE-2017-1541 security fix by clicking on the 'CVE-2017-1541' for the Service Refresh (SR) upgrading to.
8. Install the efix with command:
# emgr -e EFIX-PACKAGE-NAME
for example:
# emgr -e /tmp/J632S10S11.170905.epkg.Z
9. Refer to 'efix Process' section to verify efix install, for the files backed up and their location.
10. Merge any:configuration changes from the pre efix removal saved security files or the pre-efix install saved security files to the new Service Refresh efix installed security files:
/etc/JAVA/jre/lib/security/java.security
/etc/JAVA/jre/lib/security/java.policy
/etc/JAVA/jre/lib/security/javaws.policy
To downgrade from a higher Service Refresh without security vulnerability to a lower Service Refresh level, follow instructions below. The Service Refresh being downgraded should be an upgrade install in 'Apply' mode. Refer to 'Verify IBM Java Version 6.0 Install' section above to confirm.
1. Prior to downgrade, backup existing Java security files:
# cp /etc/JAVA/jre/lib/security/java.security /etc/JAVA/jre/lib/security/java.security-upgrade
# cp /etc/JAVA/jre/lib/security/java.policy /etc/JAVA/jre/lib/security/java.security-upgrade
# cp /etc/JAVA/jre/lib/security/javaws.policy /etc/JAVA/jre/lib/security/java.security-upgrade
2. As a root user, uninstall the existing upgraded Service Refresh install:
At the command prompt, type 'smitty'
In smitty, select:
Software Installation and Maintenance->Software Maintenance and Utilities->Reject Applied Software Updates (Use Previous Version)
for ' SOFTWARE name' field -- type Esc-4 and select 'IBM Java Version 6.0_64.sdk' from the list of Software names displayed
Hit enter to uninstall.
3. The Java security files below should revert back to pre-upgrade level. If the efix for the security vulnerability CVE-2017-1541 was installed prior to Java Service Refersh upgrade, efix installed files along with any changes should be preserved.
/etc/JAVA/jre/lib/security/java.security
/etc/JAVA/jre/lib/security/java.policy
/etc/JAVA/jre/lib/security/javaws.policy
4. If the downgraded Java Service Refresh level has CVE-2017-1541 security vulnerability, install efix:
a. At the IBM Java download page, cliick on 'CVE-2017-1541' to download the securify vulnerability fix for the downgraded Service Refresh.
b. Install the efix:
# emgr -e EFIX-PACKAGE-NAME
c. Refer to 'efix Process' section above to verify the efix Install, for the files backed up files and their location.
1. Backup existing efix installed security files:
# cp /etc/JAVA/jre/lib/security/java.security /etc/JAVA/jre/lib/security/java.security-upgrade-efix
# cp /etc/JAVA/jre/lib/security/java.policy /etc/JAVA/jre/lib/security/java.policy-upgrade-efix
# cp /etc/JAVA/jre/lib/security/javaws.policy /etc/JAVA/jre/lib/security/java.policy-upgrade-efix
2. Remove the efix install if security fix is installed. Refer to
# emgr -r -L EFIX-PACKAGE-NAME
3. Refer to 'efix Process' section above to verify the efix is removed, and for the files backed up and their location.
4. Uninstall the existing Service Refresh install in 'Apply' mode:
At the command prompt, type 'smitty'
Then, In smitty, select:
Software Installation and Maintenance->Software Maintenance and Utilities->Reject Applied Software Updates (Use Previous Version)
for ' SOFTWARE name' field -- type Esc-4 and select 'IBM Java Version 6.0_64.sdk' from the list of Software names displayed
Hit enter to uninstall.
5. The Java security files below should revert back to pre-upgrade level. If the efix for the security vulnerability CVE-2017-1541 was installed prior to Java Service Refersh upgrade, efix installed files along with any changes should be preserved.
/etc/JAVA/jre/lib/security/java.security
/etc/JAVA/jre/lib/security/java.policy
/etc/JAVA/jre/lib/security/javaws.policy
4. If the downgraded Java Service Refresh level has CVE-2017-1541 security vulnerability, install efix:
a. At the IBM Java download page, cliick on 'CVE-2017-1541' to download the securify vulnerability fix for the downgraded Service Refresh.
b. Install the efix:
# emgr -e EFIX-PACKAGE-NAME
c. Refer to 'efix Process' section above to verify the efix Install, for the files backed up files and their location.
If, after reading and following the above instructions, further assistance is required, or you need to request an ifix for which an ifix is not available on FixCentral, please contact IBM Support to open a support case. When contacting IBM Support, please follow these instructions:
1. Indicate that you could not find the desired ifix on FixCentral, you need an ifix for CVE-2017-1541, provide your specific IBM Java Version 6.0 for AIX release.
To determine the Java release being used, please review and complete the instructions in this webpage:
https://www-01.ibm.com/support/docview.wss?uid=isg3T1024496
Not providing the Java release being used at the time the call is opened will result in a delay in processing the ifix request.
2. Ensure that you have a valid and active AIX support contract for the version of AIX being used on the system.
A valid and active AIX support contract is required to contact support to request the ifix.
3. Request that the case be forwarded to the IBM AIX Java support team by refering to the queue JAVAIX,165.
The case will be forwarded to the IBM AIX Java team who will promptly assist with the ifix request.
If, after reading and following the above instructions, further assistance is required, please complete the following steps:
1. Confirm that you have review and completed all of the above steps.
2. Contact IBM and open a new IBM service request (i.e., a new IBM PMR).
3. Collect and upload data as per the data collection procedures noted in the above sections or package and upload the current data and details by following the instructions on this web page:
IBM Java for AIX MustGather: How to upload diagnostic data and testcases to IBM
| Document Type: | Technical Document |
| Content Type: | General |
| Hardware: | all Power |
| Operating System: | all AIX Versions |
| IBM Java: | Java 6 |
| Author(s): | Rama Tenjarla |
| Reviewer(s): | Roger Leuckie |
Document Information
Modified date:
17 June 2018
Update Release Notes Index
About 1.6.0_14 (6u14) for Itanium® architecture
1.6.0_14 for Itanium® architecture is a port of JDK 6 update 14 to the Itanium® (64 bit) architecture.
The full internal version number for this update release is 1.6.0_14-b0803 (where 'b' means 'build'). The external version number is 6u14. Included in JDK 6u14 for Itanium® architecture is version 14.0 of the Java HotSpot Server Virtual Machine.
The following JDK, JRE tools are not included in JDK, JRE 6u14 for Itanium® architecture release:
- Java Plug-in
- Java Web Start
- Java Update
- JavaDB (JavaDB is included only into Linux self-extracting JDK distributive)
- Java VisualVM
Please refer to JDK tools and Utilities for JDK tools description.
Only offline installation is available for JDK, JRE 6u14 for Itanium® architecture.
Changes in 1.6.0_14 (6u14) for Itanium® architecture
- See changes in 1.6.0_14 common for all platforms in Java SE 6 Update 14 Release Notes, except for the following:
- Garbage First (G1) garbage collector and Compressed object pointers are not yet ported to Itanium® architecture.
- Optimizations using Escape Analysis are not well tested on Itanium® architecture.
- Serviceability Agent on Windows
In 6u14 the Serviceability Agent is included in both Linux and Windows distributions of JDK 6u14 for Itanium® architecture. In previous update releases the Serviceability Agent was included only in Linux distributions.
Tools based on read-only subset of JDI API should work with Serviceability Agent on Linux and Windows for Itanium® architecture. The JDK includes a set of such tools: jdb, jinfo, jmap, jstack.
See known Serviceability Agent issues and limitations section for known bugs in the Seviceability Agent and possible workarounds.
See also Serviceability components description provided by OpenJDK Serviceability Group.
- Supported System Configurations
For 6u14, three Linux supported system configurations has been changed:
- Linux Suse Enterprise Linux Server 9 SP4 (for previous update releases it was SP3)
- Linux Suse Enterprise Linux Server 10 SP2 (for previous update releases it was SP1)
- Red Hat Enterprise Linux 4.0 U7 (for previous update releases it was U5)
See Supported System Configurations for the complete list of supported configurations.
- Performance
The 6u14 release for Itanium® architecture substantially improved performance on a range of server applications. This is achieved with both platform independent work described in Java SE 6 Update 14 Release Notes and Itanium® architecture specific improvements such as optimized memory copy routines and C2 JIT compiler enhancements.
The following set of command line options are recommended for running high performance server applications:
Supported System Configurations
| Platform | Version | Desktop Managers | Browsers | JRE | JDK |
|---|---|---|---|---|---|
| Windows 64 bit | |||||
| Windows IA64 | Windows Server 2003 SP2 | Windows/Active for Windows | 64-bit Install | 64-bit Install | |
| Windows Server 2008 for Itanium-Based Systems SP1 | |||||
| Linux 64 bit | |||||
| Linux IA64 | Linux Suse Enterprise Linux Server 9 SP4, Suse Enterprise Linux Server 10 SP2 | N/A | N/A | 64-bit Install | 64-bit Install |
| Red Hat Enterprise Linux 4.0 U7, Red Hat Enterprise Linux 5.0 U2 | |||||
JDK, JRE Installation for Microsoft Windows (Itanium® architecture)
The installation procedure installs the JDK or JRE 6u14 but not the Java Plugin or Java Web Start or public Java Runtime Environment (when JDK is installed).
To install, download jdk-6u14-windows-ia64.exe or jre-6u14-windows-ia64.exe file and then follow the 32-bit Windows JDK installation or 32-bit Windows JRE installation 'Windows Offline Installation' instructions.
JDK, JRE Installation for Linux (Itanium® architecture)
The installation procedure installs the JRE or JDK 6u14 but not the Java Plugin or Java Web Start or the public Java Runtime Environment (when JDK is installed).
The JDK, JRE for Linux 64-bit comes bundled in two install formats - Linux self-extracting files jdk-6u14-linux-ia64.bin, jre-6u14-linux-ia64.bin and Linux RPM in self-extracting files jdk-6u14-linux-ia64-rpm.bin, jre-6u14-linux-ia64-rpm.bin.
To install, download necessary file and then follow the 32-bit Linux JDK installation or 32-bit Linux JRE installation instructions.
Known installation issues
- On Linux systems (specifically, on SLES 9) *-rpm.bin installation can report dmidecode unaligned access:
The bundles install successfully. Message printing can be disabled by command 'prctl --unaligned=silent'.
The message is a warning for the user that application (dmidecode) works inefficient from performance perspective. The issue is resolved in dmidecode 2.7.
- On Linux systems, when *-rpm.bin file is used for JDK (JRE) installation, JDK (JRE) of lower version can not be installed if on the same system JDK (JRE) of higher version is installed.
For example, JDK (JRE) 6u13 can not be installed using jdk(jre)-6u13-linux-ia64-rpm.bin file if, on the same machine, JDK (JRE) 6u14 was previously installed using jdk(jre)-6u14-linux-ia64-rpm.bin.
Installation reports:
Preparing... ########################################### [100%] package jdk-1.6.0_14-fcs (which is newer than jdk-1.6.0_13-fcs) is already installed JDK (JRE) 6u13 is not installed.
Workarounds are:
- Un-install JDK (JRE) 6u14, then, install JDK (JRE) 6u13 using jdk(jre)-6u13-linux-ia64-rpm.bin, or
- Install JDK (JRE) 6u13 using jdk(jre)-6u13-linux-ia64.bin file
- If JDK (JRE) 6u14 was installed using jdk(jre)-6u14-linux-ia64.bin, installation of JRE (JDK) 6u13 using jre(jdk)-6u13-linux-ia64.bin passes successfully.
- On Windows systems after installation of JDK (or JRE) the registry key 'HKEY_LOCAL_MACHINESOFTWAREJavaSoftJava Development Kit1.6' (for JDK), 'HKEY_LOCAL_MACHINESOFTWAREJavaSoftJava Runtime Environment1.6' (for JRE) should contain value 'JavaHome' with the full path name of the directory in which JDK (or JRE) of the highest version is installed.
After installation of Itanium JDK (or JRE) of lower version on top of higher version (for example, 6u13 on top of 6u14), 'JavaHome' contains the path to the last installed JDK (or JRE) instead of the path to the JDK (or JRE) of the highest installed version. After un-installation the value is removed.
The workaround is to put the correct value to the Windows registry manually. A more accurate workaround is to un-install previously installed JDK (or JRE) and install required version. See Deploying the JRE on Windows for more details about registry values.
- On Windows consecutive JDK/JRE installations/uninstallations can lead (very rare) to:
Error 1334.The file 'javaw.exe' cannot be installed because the file cannot be found in cabinet file 'Data1.cab'. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package
or
Internal Error 2356. Data1.cab
The second case can block installation/uninstallation, as the installer reports that there is a suspended installation process. A reboot of the system helps. After reboot, please, uninstall the previously installed JDK/JRE. Confirm the message, if it appears:
Error 1704.An installation for Java(TM) SE Runtime Environment 6 Update 14 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Java 6.0 64 Bit Download
Known issues and limitations
- The JVM can intermittently crash with SIGILL on Linux RHEL4 for Itanium® architecture when executed from an NFS mounted directory.
This is a known bug in kernels of version less than 2.6.22. Processors older than Montecito (e.g. Madison, McKinley) are not affected.
RHEL4 (Nahant Update 5), kernel 2.6.9-55.EL has this bug. In RHEL5.2(Tikanga), kernel 2.6.18-92.el5 the bug is fixed.
Possible workarounds are:
- Run java from a local directory.
- Migrate to a newer kernel in which this bug is fixed, for example, to RHEL5.2 or RHEL4.6.
- Apply patch linux-2.6-mm-ia64-flush-i-cache-before-set_pte.patch (from kernel-2.6.18-92.el5.src.rpm) to your kernel.
- The JVM can intermittently crash when executed on Montecito or Montvale microprocessors, SLES 9 (any SP) operating system with Hyper-Threading enabled. The crash is rare. It occurs due to issues in the OS kernel. Typically, the crash is caused by a SIGILL (si_errno=0, si_code=1 (ILL_ILLOPC)) signal.
Workarounds are:
- Disable Hyper-Threading either completely (in BIOS) or partially for JVM process only using 'taskset' utility.
- Use SLES 10.
Java 64 Bit Version 6.0 Download
- The JVM can intermittently crash on Windows 2003 SP1 for Itanium® architecture when it is run from network drive. A workaround is to install the JRE or JDK on local disk. The problem disappears after installing 'Windows Server 2003 Service Pack 2 for Itanium-based Systems'
Serviceablity Agent (SA) issues:
- SA can fail to show thread stack frames, instead it throws InternalError with diagnostic message PH*PH*PHuFFFDPH*PH*PHFailed to decode stackPH*PH*PHuFFFDPH*PH*PH. Workaround: for running processes use JVMTI Agent.
- SA can fail to show some local variables of stack frames, instead it throws unexpected exception (typically, NullPointerException or AssertionFailure). Workaround: try to start JVM with –XX:+FullSASupport option.
- Sometimes SA can show incorrect values for Long and Double locals. Workaround: for running processes use JVMTI Agent.
- SA can show incorrect code location in method on top of stack, shown location is not far from real. Workaround: for running processes use JVMTI Agent.
On Windows SA does not accept dump file generated by default (MiniDumpNormal type of information that is written to the minidump file). Workaround: specify PH*PH*PHuFFFDPH*PH*PHXX:ErrorDumpLevel=2 JVM option (MiniDumpWithFullMemory type).
- jstack (experimental tool) does not print mixed mode (both Java and native C/C++ frames) stack trace when option -m is specified, exception with diagnostic 'not yet implemented (debugger does not support CDebugger)!' is thrown. The reason is that CDebugger is not implemented for Itanium® architecture. Workaround: do not use -m option or use different tool.
- ALSA (Advanced Linux Sound Architecture, http://www.alsa-project.org/wiki/Main_Page) sound support is not included in this release.
- Java 6 does not support Sun PKCS#11 and SunMSCAPI providers for Windows 64-bit (see native security features availability in various operating systems in Leveraging Security in the Native Platform Using Java SE 6 Technology article). These providers are not a part of Java 6 for Windows Itanium® architecture. If necessary, one can use implementations of these providers offered by third parties.