OBSOLETE Patch-ID# 143140-04 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** For further information on patching best practices and resources, please see the Big Admin Patching Center: http://www.oracle.com/technetwork/systems/patches *********************************************************************** Keywords: security sshd authentication timeout exit of monitor Synopsis: Obsoleted by: 143559-03 SunOS 5.10: ssh patch Date: Jun/18/2010 Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions. Solaris Release: 10 SunOS Release: 5.10 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 141525 Topic: SunOS 5.10: ssh patch Relevant Architectures: sparc BugId's fixed with this patch: 6599821 6850734 6868716 6882255 6886656 6894519 6898546 Changes incorporated in this version: 6898546 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 118833-36 120011-14 127127-11 137137-09 139555-08 141444-09 (or greater) Obsoleted by: Files included with this patch: /usr/bin/scp /usr/bin/sftp /usr/bin/ssh /usr/bin/ssh-add /usr/bin/ssh-agent /usr/bin/ssh-keygen /usr/bin/ssh-keyscan /usr/lib/ssh/sftp-server /usr/lib/ssh/ssh-keysign /usr/lib/ssh/sshd /usr/sfw/bin/openssl /usr/sfw/include/openssl/opensslv.h /usr/sfw/include/openssl/ssl.h /usr/sfw/include/openssl/ssl3.h /usr/sfw/include/openssl/tls1.h /usr/sfw/lib/libcrypto.so.0.9.7 /usr/sfw/lib/libcrypto_extra.so.0.9.7 /usr/sfw/lib/libssl.so.0.9.7 /usr/sfw/lib/libssl_extra.so.0.9.7 /usr/sfw/lib/llib-lssl.ln /usr/sfw/lib/sparcv9/libcrypto.so.0.9.7 /usr/sfw/lib/sparcv9/libcrypto_extra.so.0.9.7 /usr/sfw/lib/sparcv9/libssl.so.0.9.7 /usr/sfw/lib/sparcv9/libssl_extra.so.0.9.7 /usr/sfw/lib/sparcv9/llib-lssl.ln Problem Description: 6898546 fix TLS renegotiation problem in OpenSSL (CVE-2009-3555) (from 143140-03) 6599821 CVE-2007-3108 needs to be fixed (from 143140-02) 6850734 enabled aes192/aes256 support in ssh/sshd does not work on S10U3 or older releases 6882255 sftp connection fails when .bashrc generates output on stderr 6886656 unlimited window size causes problems with limited buffer sizes 6894519 USE_PIPES is not used on Solaris and should be removed (from 143140-01) 6868716 dangling sshd authentication thread after timeout exit of monitor Patch Installation Instructions: -------------------------------- Please refer to the man pages for instructions on using 'patchadd' and 'patchrm' commands provided with Solaris. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/123456-07 The following example removes a patch from a standalone system: example# patchrm 123456-07 For additional examples please see the appropriate man pages. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- NOTE 1: After patch installation, please restart the sshd service via the following command: svcadm restart svc:/network/ssh:default README -- Last modified date: Tuesday, September 7, 2010