OBSOLETE Patch-ID# 148105-14

Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.

For further information on patching best practices and resources, please see the following links:

Keywords: security ssh sftp last sshd
Synopsis: Obsoleted by: 148105-15 SunOS 5.10_x86: last, ssh/sshd patch
Date: Mar/15/2014

Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10_x86

SunOS Release: 5.10_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 148104

Topic: SunOS 5.10_x86: last, ssh/sshd patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR #	Bug #
6627262	15436976
6709963	15484784
6949049	15640462
7162389	15786285
7199485	15816953
7203661	15821465
	15896442
	15917734
	16212206
	16221564
	16221570
	16229840
	16306194
	16345356
	16538152
	17313800
	17336872
	17403437
	17415150
	17446614
	17475399
5044096	15210351
6409841	15323891
6480741	15355058
6628064	15437481
6875954	15585137
6908482	15608878
6953874	15644277
7050937	15719710
7131879	15767654
7188428	15807459

Changes incorporated in this version: 15896442 17446614

Patches accumulated and obsoleted by this patch: 148097-06

Patches which conflict with this patch:

Patches required with this patch: 120012-14 137138-09 142910-17 144501-19 (or greater)

Obsoleted by:

Files included with this patch:

/etc/ssh/sshd_config
/usr/bin/last
/usr/bin/scp
/usr/bin/sftp
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-keygen
/usr/bin/ssh-keyscan
/usr/lib/ssh/sftp-server
/usr/lib/ssh/ssh-keysign
/usr/lib/ssh/sshd

Problem Description:

15896442 sshd auth.info message is shown as ja_JP.UTF-8 even if "LANG=PCK/EUC"
17446614 sshd: endless loop in fatal
 
(from 148105-13)
 
17313800 sshd should abort the connection when the user fails to change his password
17336872 SSH should provide better krb5 error
17403437 move debug output outside of a signal handler
17415150 memory-leaks in ssh detected by Parfait
17475399 sshd/ssh should deliver CTF information
 
(from 148105-12)
 
16345356 SSH Tunnel connect returns EINPROGRESS, must not invoke isatty() before select()
 
(from 148105-11)
 
15484784 SunSSH server leaks memory during initialization
15640462 keyboard-interactive configuration option handling needs to be fixed in SunSSH
16306194 problem with ssh
16538152 problem with ssh
 
(from 148105-10)
 
15436976 delegating creds should update creds when remote copy unexpired
15786285 GSSAPIDelegateCredentials issues with PAM_USER and 3rd-party module
 
(from 148105-09)
 
15917734 SSH truncates instruction field of SSH2_MSG_USERAUTH_INFO_REQUEST
16212206 sshd fails with buffer size greater than 2MB
16221564 uninitialized variable in source of scp.c:651
16221570 uninitialized variable in valid_request of ssh-keysign.c:138
16229840 uninitialized variable in session_loc_env_check of session.c:1968
 
(from 148105-08)
 
15816953 ssh connection with a forced tty allocation sometimes fails, under some conditions
15821465 sftp server fails to show date and time in ls localized output using certain locales
 
(from 148105-07)
 
        This revision accumulates generic Sustaining patch 148097-06
        into Solaris S10U11 update.
 
(from 148105-06)
 
        This revision accumulates generic Sustaining patch 148097-05
        into Solaris S10U11 update.
 
(from 148105-05)
 
        This revision accumulates generic Sustaining patch 148097-04
        into Solaris S10U11 update.
 
(from 148105-04)
 
        This revision accumulates generic Sustaining patch 148097-03
        into Solaris S10U11 update.
 
(from 148105-03)
 
        This revision accumulates generic Sustaining patch 148097-02
        into Solaris S10U11 update.
 
(from 148105-02)
 
5044096 ssh(1) is too picky, quits on unknown ~/.ssh/config options
 
(from 148105-01)
 
        This revision accumulates generic Sustaining patch 148097-01
        into Solaris S10U11 update.
 
(from 148097-06)
 
6908482 missing SSH host keys should be reported properly
 
(from 148097-05)
 
6875954 fork error is reported with wrong errno in sshd.c
7188428 sftp does not use the commands from batch file from -b option after installing 148096-03/148097-03
 
(from 148097-04)
 
7131879 fix for 6628064 is not optimal: ssh receive window should be increased more on server
 
(from 148097-03)
 
6480741 command line editing is desired for sftp(1)
 
(from 148097-02)
 
6628064 high-performance ssh/scp
 
(from 148097-01)
 
6409841 multiple ssh connections from same user cause previous sshd wtmpx entries to get logged out
6953874 ssh client does not propagate SIGPIPE to server side and hangs
7050937 monitor header files should be removed from source tree

Patch Installation Instructions:

--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.

Special Install Instructions:

-----------------------------
 
NOTE 1:  The fix for 6628064 (high-performance ssh/scp) increases ssh/scp
         performance on high bandwidth/high latency links by increasing the
         SSH receive window size and by sending window adjust packets more
         often. SSH receive window size is set to 4 times the value of TCP
         receive buffer.  Lower boundary for window size is 128kB, upper
         boundary 64MB.  The TCP receive buffer can be set by following
         command:
 
         /usr/sbin/ndd -set /dev/tcp  tcp_recv_hiwat <window size>
 
         This tuning is recommended for networks with latency over ten
         milliseconds.
 
NOTE 2:  After patch application the sshd daemon has to be restarted using
         the following command:
 
         svcadm restart ssh
 
         The changes then apply only on new ssh connections.  Already
         established connections remain unchanged.
 
NOTE 3:  The fix for 6480741 (command line editing is desired for sftp(1))
         adds a dependency of sftp on libtecla (SUNWtecla), which is part
         of a minimal installation and should be available on the system.
         If not, SUNWtecla has to be installed for sftp to work properly.
 
NOTE 4:  The fix for:
 
         16538152 problem with ssh
         16306194 problem with ssh
         15484784 SunSSH server leaks memory during initialization
 
         changes the default value of ssh MaxStartups to "10:30:100".

README -- Last modified date: Thursday, July 10, 2014