OBSOLETE Patch-ID# 143140-04


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security sshd authentication timeout exit of monitor
Synopsis: Obsoleted by: 143559-03 SunOS 5.10: ssh patch
Date: Jun/18/2010


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 141525

Topic: SunOS 5.10: ssh patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
659982115420635
685073415569241
686871615580587
688225515589857
688665615593062
689451915598739
689854615601591


Changes incorporated in this version: 6898546

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 118833-36 120011-14 127127-11 137137-09 139555-08 141444-09 (or greater)

Obsoleted by: 143559-03

Files included with this patch:

/usr/bin/scp
/usr/bin/sftp
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-keygen
/usr/bin/ssh-keyscan
/usr/lib/ssh/sftp-server
/usr/lib/ssh/ssh-keysign
/usr/lib/ssh/sshd
/usr/sfw/bin/openssl
/usr/sfw/include/openssl/opensslv.h
/usr/sfw/include/openssl/ssl.h
/usr/sfw/include/openssl/ssl3.h
/usr/sfw/include/openssl/tls1.h
/usr/sfw/lib/libcrypto.so.0.9.7
/usr/sfw/lib/libcrypto_extra.so.0.9.7
/usr/sfw/lib/libssl.so.0.9.7
/usr/sfw/lib/libssl_extra.so.0.9.7
/usr/sfw/lib/llib-lssl.ln
/usr/sfw/lib/sparcv9/libcrypto.so.0.9.7
/usr/sfw/lib/sparcv9/libcrypto_extra.so.0.9.7
/usr/sfw/lib/sparcv9/libssl.so.0.9.7
/usr/sfw/lib/sparcv9/libssl_extra.so.0.9.7
/usr/sfw/lib/sparcv9/llib-lssl.ln

Problem Description:

6898546 fix TLS renegotiation problem in OpenSSL (CVE-2009-3555)
 
(from 143140-03)
 
6599821 CVE-2007-3108 needs to be fixed
 
(from 143140-02)
 
6850734 enabled aes192/aes256 support in ssh/sshd does not work on S10U3 or older releases
6882255 sftp connection fails when .bashrc generates output on stderr
6886656 unlimited window size causes problems with limited buffer sizes
6894519 USE_PIPES is not used on Solaris and should be removed
 
(from 143140-01)
 
6868716 dangling sshd authentication thread after timeout exit of monitor


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  After patch installation, please restart the sshd service via the
         following command:
 
         svcadm restart svc:/network/ssh:default


README -- Last modified date: Saturday, November 10, 2012