OBSOLETE Patch-ID# 145802-06
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security ssh
Synopsis: Obsoleted by: 144501-19 SunOS 5.10_x86: ssh patch
Date: Jun/03/2011
Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Solaris Release: 10_x86
SunOS Release: 5.10_x86
Unbundled Product:
Unbundled Release:
Xref: This patch available for SPARC as patch 143559
Topic: SunOS 5.10_x86: ssh patch
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 6492415 6628516 6968233 7020701
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch: 120012-14 137138-09 142910-17 (or greater)
Obsoleted by: 144501-19
Files included with this patch:
/usr/bin/scp
/usr/bin/sftp
/usr/bin/ssh
/usr/bin/ssh-keyscan
/usr/lib/ssh/ssh-keysign
/usr/lib/ssh/sshd
Problem Description:
6492415 ignore UsePrivilegeSeparation keyword in SunSSH
6628516 old OpenSSH privilege separation code is not needed in SunSSH
6968233 problem with ssh server
7020701 problem with ssh server
(from 145802-05)
7013910 Sun ssh lacks mandatory diffie-hellman-group14-sha1 support
(from 145802-04)
6688153 sshd should not call setsockopt() on a non socket
6714346 sshd does not enforce empty password restrictions
6978348 ssh/sftp via inetd records the peername as a "UNKNOWN" after HW crypto change
6993643 VerifyReverseMapping handling of ifdef IPV4_IN_IPV6 incomplete: cannot verify
(from 145802-03)
6983497 ssh and scp commands with multiple @ fail with node name or service name not known
(from 145802-02)
6336266 ssh SIGWINCH handling races; some servers are very unforgiving
6543577 ssh hangs when logging out
6953845 sshd monitor process needs better debugging
6953854 channel handler could process just created channels
(from 145802-01)
6480090 ConnectTimeout functionality desired for SUNWssh
6541995 honor Host directives when processing ConnectTimeout option
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: Reboot the system after patch installation.
This patch requires a reboot to restart the sshd(1M) daemon. Until
the daemon is restarted it will continue to run the older version of
the software.
The sshd daemon may be restarted manually when convenient by
assuming a role with the necessary privileges and performing
the following command:
# svcadm restart svc:/network/ssh
These special instructions are only relevant if the changes
contained herein are not incorporated into a patch which
explicitly requires a reboot.
README -- Last modified date: Saturday, November 10, 2012