OBSOLETE Patch-ID# 143559-10


Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security sshd authentication timeout exit of monitor
Synopsis: Obsoleted by: 144500-19 SunOS 5.10: ssh scp patch
Date: Jun/03/2011


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10

SunOS Release: 5.10

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 145802 and 146859

Topic: SunOS 5.10: ssh scp patch

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR #   Bug #
6336266    15291741
6480090    15354782
6492415    15360689
6541995    15388170
6543577    15389053
6599821    15420635
6628516    15437740
6688153    15472584
6714346    15487232
6850734    15569241
6868716    15580587
6882255    15589857
6886656    15593062
6894519    15598739
6898546    15601591
6953845    15644261
6953854    15644266
6968233    15655307
6978348    15663615
6983497    15667923
6989182    15672643
6993643    15676269
7013910    15692909
7015771    15694276
7020701    15697953


Changes incorporated in this version: 6492415 6628516 6968233 7020701

Patches accumulated and obsoleted by this patch: 143140-04

Patches which conflict with this patch:

Patches required with this patch: 118833-36 120011-14 127127-11 137137-09 139555-08 141444-09 (or greater)

Obsoleted by: 144500-19

Files included with this patch:

/usr/bin/scp
/usr/bin/sftp
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-keygen
/usr/bin/ssh-keyscan
/usr/lib/ssh/sftp-server
/usr/lib/ssh/ssh-keysign
/usr/lib/ssh/sshd
/usr/sfw/bin/openssl
/usr/sfw/include/openssl/opensslv.h
/usr/sfw/include/openssl/ssl.h
/usr/sfw/include/openssl/ssl3.h
/usr/sfw/include/openssl/tls1.h
/usr/sfw/lib/libcrypto.so.0.9.7
/usr/sfw/lib/libcrypto_extra.so.0.9.7
/usr/sfw/lib/libssl.so.0.9.7
/usr/sfw/lib/libssl_extra.so.0.9.7
/usr/sfw/lib/llib-lssl.ln
/usr/sfw/lib/sparcv9/libcrypto.so.0.9.7
/usr/sfw/lib/sparcv9/libcrypto_extra.so.0.9.7
/usr/sfw/lib/sparcv9/libssl.so.0.9.7
/usr/sfw/lib/sparcv9/libssl_extra.so.0.9.7
/usr/sfw/lib/sparcv9/llib-lssl.ln

Problem Description:

6492415 ignore UsePrivilegeSeparation keyword in SunSSH
6628516 old OpenSSH privilege separation code is not needed in SunSSH
6968233 problem with ssh server
7020701 problem with ssh server
 
(from 143559-09)
 
7013910 Sun ssh lacks mandatory diffie-hellman-group14-sha1 support
 
(from 143559-08)
 
6688153 sshd should not call setsockopt() on a non socket
6714346 sshd does not enforce empty password restrictions
6978348 ssh/sftp via inetd records the peername as a "UNKNOWN" after HW crypto change
6993643 VerifyReverseMapping handling of ifdef IPV4_IN_IPV6 incomplete: cannot verify
 
(from 143559-07)
 
6989182 CVE 2008-7270 change SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
7015771 fix CVE-2010-4180 in OpenSSL
 
(from 143559-06)
 
6983497 ssh and scp commands with multiple @ fail with node name or service name not known
 
(from 143559-05)
 
6336266 ssh SIGWINCH handling races; some servers are very unforgiving
6543577 ssh hangs when logging out
6953845 sshd monitor process needs better debugging
6953854 channel handler could process just created channels
 
(from 143559-04)
 
6480090 ConnectTimeout functionality desired for SUNWssh
6541995 honor Host directives when processing ConnectTimeout option
 
(from 143559-03)
 
        This revision accumulates generic Sustaining patch 143140-04
        into Solaris S10U9 update.
 
(from 143559-02)
 
        This revision accumulates generic Sustaining patch 143140-03
        into Solaris S10U9 update.
 
(from 143559-01)
 
        This revision accumulates generic Sustaining patch 143140-02
        into Solaris S10U9 update.
 
(from 143140-04)
 
6898546 fix TLS renegotiation problem in OpenSSL (CVE-2009-3555)
 
(from 143140-03)
 
6599821 CVE-2007-3108 needs to be fixed
 
(from 143140-02)
 
6850734 enabled aes192/aes256 support in ssh/sshd does not work on S10U3 or older releases
6882255 sftp connection fails when .bashrc generates output on stderr
6886656 unlimited window size causes problems with limited buffer sizes
6894519 USE_PIPES is not used on Solaris and should be removed
 
(from 143140-01)
 
6868716 dangling sshd authentication thread after timeout exit of monitor


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
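
Before running patchadd, the "Patches required with this patch" line can be checked against the output of 'showrev -p'. The script below is an added example, not part of Oracle's README: the function names and the sample output are constructed (999999-01 and 999998-02 are placeholder IDs), and counting an "Obsoletes:" entry as present is an assumption. On Solaris 10 set AWK=nawk, since the legacy /usr/bin/awk lacks -v and sub().

```shell
#!/bin/sh
# Prerequisites copied from the "Patches required with this patch" line.
REQUIRED="118833-36 120011-14 127127-11 137137-09 139555-08 141444-09"

# missing_prereqs: read `showrev -p` style lines on stdin and print every
# required patch that is not present at the required revision or greater.
# IDs under "Patch:" and "Obsoletes:" count as present (assumption); IDs that
# appear only under "Requires:" do not.
missing_prereqs() {
    ${AWK:-awk} -v req="$REQUIRED" '
    {
        take = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "Patch:" || $i == "Obsoletes:") { take = 1; continue }
            if ($i ~ /:$/) { take = 0; continue }      # Requires:, Packages:, ...
            if (take && $i ~ /^[0-9]+-[0-9]+,?$/) {
                id = $i; sub(/,$/, "", id)
                split(id, p, "-")
                # keep the highest revision seen for each base patch ID
                if (!(p[1] in have) || p[2] + 0 > have[p[1]]) have[p[1]] = p[2] + 0
            }
        }
    }
    END {
        n = split(req, r, " ")
        for (j = 1; j <= n; j++) {
            split(r[j], q, "-")
            if (!(q[1] in have) || have[q[1]] < q[2] + 0) print r[j]
        }
    }'
}

# Constructed sample in the `showrev -p` line layout (not from a real host).
sample_showrev() {
    cat <<'EOF'
Patch: 118833-36 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu, SUNWcsr
Patch: 120011-14 Obsoletes: Requires: 118833-36 Incompatibles: Packages: SUNWcsr
Patch: 127127-10 Obsoletes: Requires: Incompatibles: Packages: SUNWcsu
Patch: 137137-12 Obsoletes: Requires: Incompatibles: Packages: SUNWckr
Patch: 999999-01 Obsoletes: 139555-08, 999998-02 Requires: 141444-09 Incompatibles: Packages: SUNWckr
EOF
}

# On a live system: showrev -p | missing_prereqs
sample_showrev | missing_prereqs
```

An empty result means every prerequisite is present at the required revision or greater.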


Special Install Instructions:
-----------------------------
 
NOTE 1:  Reboot the system after patch installation.
 
         This patch requires a reboot to restart the sshd(1M) daemon.  Until
         the daemon is restarted it will continue to run the older version of
         the software.
 
         The sshd daemon may be restarted manually when convenient by
         assuming a role with the necessary privileges and performing
         the following command:
 
         # svcadm restart svc:/network/ssh
 
         These special instructions are only relevant if the changes
         contained herein are not incorporated into a patch which
         explicitly requires a reboot.


README -- Last modified date: Saturday, November 10, 2012