OBSOLETE Patch-ID# 148105-14
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security ssh sftp last sshd
Synopsis: Obsoleted by: 148105-15 SunOS 5.10_x86: last, ssh/sshd patch
Date: Mar/15/2014
Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.
Solaris Release: 10_x86
SunOS Release: 5.10_x86
Unbundled Product:
Unbundled Release:
Xref: This patch available for SPARC as patch 148104
Topic: SunOS 5.10_x86: last, ssh/sshd patch
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 15896442 17446614
Patches accumulated and obsoleted by this patch: 148097-06
Patches which conflict with this patch:
Patches required with this patch: 120012-14 137138-09 142910-17 144501-19 (or greater)
Obsoleted by:
Files included with this patch:
/etc/ssh/sshd_config
/usr/bin/last
/usr/bin/scp
/usr/bin/sftp
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-keygen
/usr/bin/ssh-keyscan
/usr/lib/ssh/sftp-server
/usr/lib/ssh/ssh-keysign
/usr/lib/ssh/sshd
Problem Description:
15896442 sshd auth.info message is shown as ja_JP.UTF-8 even if "LANG=PCK/EUC"
17446614 sshd: endless loop in fatal
(from 148105-13)
17313800 sshd should abort the connection when the user fails to change his password
17336872 SSH should provide better krb5 error
17403437 move debug output outside of a signal handler
17415150 memory-leaks in ssh detected by Parfait
17475399 sshd/ssh should deliver CTF information
(from 148105-12)
16345356 SSH Tunnel connect returns EINPROGRESS, must not invoke isatty() before select()
(from 148105-11)
15484784 SunSSH server leaks memory during initialization
15640462 keyboard-interactive configuration option handling needs to be fixed in SunSSH
16306194 problem with ssh
16538152 problem with ssh
(from 148105-10)
15436976 delegating creds should update creds when remote copy unexpired
15786285 GSSAPIDelegateCredentials issues with PAM_USER and 3rd-party module
(from 148105-09)
15917734 SSH truncates instruction field of SSH2_MSG_USERAUTH_INFO_REQUEST
16212206 sshd fails with buffer size greater than 2MB
16221564 uninitialized variable in source of scp.c:651
16221570 uninitialized variable in valid_request of ssh-keysign.c:138
16229840 uninitialized variable in session_loc_env_check of session.c:1968
(from 148105-08)
15816953 ssh connection with a forced tty allocation sometimes fails, under some conditions
15821465 sftp server fails to show date and time in ls localized output using certain locales
(from 148105-07)
This revision accumulates generic Sustaining patch 148097-06
into Solaris S10U11 update.
(from 148105-06)
This revision accumulates generic Sustaining patch 148097-05
into Solaris S10U11 update.
(from 148105-05)
This revision accumulates generic Sustaining patch 148097-04
into Solaris S10U11 update.
(from 148105-04)
This revision accumulates generic Sustaining patch 148097-03
into Solaris S10U11 update.
(from 148105-03)
This revision accumulates generic Sustaining patch 148097-02
into Solaris S10U11 update.
(from 148105-02)
5044096 ssh(1) is too picky, quits on unknown ~/.ssh/config options
(from 148105-01)
This revision accumulates generic Sustaining patch 148097-01
into Solaris S10U11 update.
(from 148097-06)
6908482 missing SSH host keys should be reported properly
(from 148097-05)
6875954 fork error is reported with wrong errno in sshd.c
7188428 sftp does not use the commands from batch file from -b option after installing 148096-03/148097-03
(from 148097-04)
7131879 fix for 6628064 is not optimal: ssh receive window should be increased more on server
(from 148097-03)
6480741 command line editing is desired for sftp(1)
(from 148097-02)
6628064 high-performance ssh/scp
(from 148097-01)
6409841 multiple ssh connections from same user cause previous sshd wtmpx entries to get logged out
6953874 ssh client does not propagate SIGPIPE to server side and hangs
7050937 monitor header files should be removed from source tree
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: The fix for 6628064 (high-performance ssh/scp) increases ssh/scp
performance on high bandwidth/high latency links by increasing the
SSH receive window size and by sending window adjust packets more
often. SSH receive window size is set to 4 times the value of TCP
receive buffer. Lower boundary for window size is 128kB, upper
boundary 64MB. The TCP receive buffer can be set by following
command:
/usr/sbin/ndd -set /dev/tcp tcp_recv_hiwat <window size>
This tuning is recommended for networks with latency over ten
milliseconds.
NOTE 2: After patch application the sshd daemon has to be restarted using
the following command:
svcadm restart ssh
The changes then apply only on new ssh connections. Already
established connections remain unchanged.
NOTE 3: The fix for 6480741 (command line editing is desired for sftp(1))
adds a dependency of sftp on libtecla (SUNWtecla), which is part
of a minimal installation and should be available on the system.
If not, SUNWtecla has to be installed for sftp to work properly.
NOTE 4: The fix for:
16538152 problem with ssh
16306194 problem with ssh
15484784 SunSSH server leaks memory during initialization
changes the default value of ssh MaxStartups to "10:30:100".
README -- Last modified date: Thursday, July 10, 2014