OBSOLETE Patch-ID# 143140-04
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security sshd authentication timeout exit of monitor
Synopsis: Obsoleted by: 143559-03 SunOS 5.10: ssh patch
Date: Jun/18/2010
Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Solaris Release: 10
SunOS Release: 5.10
Unbundled Product:
Unbundled Release:
Xref: This patch available for x86 as patch 141525
Topic: SunOS 5.10: ssh patch
Relevant Architectures: sparc
Bugs fixed with this patch:
Changes incorporated in this version: 6898546
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch: 118833-36 120011-14 127127-11 137137-09 139555-08 141444-09 (or greater)
Obsoleted by: 143559-03
Files included with this patch:
/usr/bin/scp
/usr/bin/sftp
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-keygen
/usr/bin/ssh-keyscan
/usr/lib/ssh/sftp-server
/usr/lib/ssh/ssh-keysign
/usr/lib/ssh/sshd
/usr/sfw/bin/openssl
/usr/sfw/include/openssl/opensslv.h
/usr/sfw/include/openssl/ssl.h
/usr/sfw/include/openssl/ssl3.h
/usr/sfw/include/openssl/tls1.h
/usr/sfw/lib/libcrypto.so.0.9.7
/usr/sfw/lib/libcrypto_extra.so.0.9.7
/usr/sfw/lib/libssl.so.0.9.7
/usr/sfw/lib/libssl_extra.so.0.9.7
/usr/sfw/lib/llib-lssl.ln
/usr/sfw/lib/sparcv9/libcrypto.so.0.9.7
/usr/sfw/lib/sparcv9/libcrypto_extra.so.0.9.7
/usr/sfw/lib/sparcv9/libssl.so.0.9.7
/usr/sfw/lib/sparcv9/libssl_extra.so.0.9.7
/usr/sfw/lib/sparcv9/llib-lssl.ln
Problem Description:
6898546 fix TLS renegotiation problem in OpenSSL (CVE-2009-3555)
(from 143140-03)
6599821 CVE-2007-3108 needs to be fixed
(from 143140-02)
6850734 enabled aes192/aes256 support in ssh/sshd does not work on S10U3 or older releases
6882255 sftp connection fails when .bashrc generates output on stderr
6886656 unlimited window size causes problems with limited buffer sizes
6894519 USE_PIPES is not used on Solaris and should be removed
(from 143140-01)
6868716 dangling sshd authentication thread after timeout exit of monitor
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: After patch installation, please restart the sshd service via the
following command:
svcadm restart svc:/network/ssh:default
README -- Last modified date: Saturday, November 10, 2012