OBSOLETE Patch-ID# 145802-06


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security ssh
Synopsis: Obsoleted by: 144501-19 SunOS 5.10_x86: ssh patch
Date: Jun/03/2011


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10_x86

SunOS Release: 5.10_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 143559

Topic: SunOS 5.10_x86: ssh patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR # Bug #
633626615291741
648009015354782
649241515360689
654199515388170
654357715389053
662851615437740
668815315472584
671434615487232
695384515644261
695385415644266
696823315655307
697834815663615
698349715667923
699364315676269
701391015692909
702070115697953


Changes incorporated in this version: 6492415 6628516 6968233 7020701

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 120012-14 137138-09 142910-17 (or greater)

Obsoleted by: 144501-19

Files included with this patch:

/usr/bin/scp
/usr/bin/sftp
/usr/bin/ssh
/usr/bin/ssh-keyscan
/usr/lib/ssh/ssh-keysign
/usr/lib/ssh/sshd

Problem Description:

6492415 ignore UsePrivilegeSeparation keyword in SunSSH
6628516 old OpenSSH privilege separation code is not needed in SunSSH
6968233 problem with ssh server
7020701 problem with ssh server
 
(from 145802-05)
 
7013910 Sun ssh lacks mandatory diffie-hellman-group14-sha1 support
 
(from 145802-04)
 
6688153 sshd should not call setsockopt() on a non socket
6714346 sshd does not enforce empty password restrictions
6978348 ssh/sftp via inetd records the peername as a "UNKNOWN" after HW crypto change
6993643 VerifyReverseMapping handling of ifdef IPV4_IN_IPV6 incomplete: cannot verify
 
(from 145802-03)
 
6983497 ssh and scp commands with multiple @ fail with node name or service name not known
 
(from 145802-02)
 
6336266 ssh SIGWINCH handling races; some servers are very unforgiving
6543577 ssh hangs when logging out
6953845 sshd monitor process needs better debugging
6953854 channel handler could process just created channels
 
(from 145802-01)
 
6480090 ConnectTimeout functionality desired for SUNWssh
6541995 honor Host directives when processing ConnectTimeout option


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  Reboot the system after patch installation.
 
         This patch requires a reboot to restart the sshd(1M) daemon.  Until
         the daemon is restarted it will continue to run the older version of
         the software.
 
         The sshd daemon may be restarted manually when convenient by
         assuming a role with the necessary privileges and performing
         the following command:
 
         # svcadm restart svc:/network/ssh
 
         These special instructions are only relevant if the changes
         contained herein are not incorporated into a patch which
         explicitly requires a reboot.


README -- Last modified date: Saturday, November 10, 2012