Patches & Updates
Deploy and monitor updates to all of your systems through Sun from anywhere you have an Internet connection.
Start today with Knowledge-based software update services for Solaris and Linux.
Please review changes to Patch Access.
Patches:
Download Patch (1343297 bytes): HTTP 
Download Signed Patch (1347605 bytes): HTTP 
Signed Patch Documentation  Patch Finder

Obsoleted by: 114356-12 SunOS 5.9: /usr/bin/ssh patch

Disclaimer: 

Please note: Although OBSOLETED patches are available on SunSolve, Sun recommends using the most recent patches and the most recent revision of those patches. OBSOLETED patches do not include the latest bug fixes and/or product enhancements, and may require the installation of additional patches as a corrective measure.

Status: OBSOLETE
Patch Id: 114356-11
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************
Summary: Obsoleted by: 114356-12 SunOS 5.9: /usr/bin/ssh patch
Date:  Jun/26/2007
Installation Requirements:
Reboot after installation, an alternative may be in Special Install Instructions
Solaris Release: 9
Sun OS Release: 5.9
Unbundled Product: 
Unbundled Release: 
Xref: This patch available for x86 as patch 114357
Topic: 
SunOS 5.9: /usr/bin/ssh patch
Relevant Architecture: sparc
BugId's fixed with this patch:

4406914 4452339 4614979 4621219 4635546 4665983 4680230 4685658 4707786 4707788 4708846 4709475 4710108 4710111 4711335 4713097 4713592 4714596 4719654 4720595 4733532 4740969 4750989 4759759 4763864 4777436 4784872 4799122 4804165 4811575 4816590 4828467 4837140 4841566 4857179 4862449 4924554 4925970 4926391 4926624 4928964 4939055 4964839 4966521 4967674 4969306 4971630 4971810 4975057 4976155 4976745 4977574 4982991 4990122 5002100 5005870 5006690 5006695 5006762 5012765 5013640 5014180 5014600 5014946 5014951 5014969 5019044 5020325 5021347 5022903 5023074 5025296 5036242 5048596 5049660 5054240 5054835 5058293 5060425 5060618 5062508 5063375 5066767 5076804 5082282 5083048 5083197 5088670 5090324 5094142 5094528 5099653 5109225 5109404 5109487 5109496 6176256 6181680 6182695 6185726 6402708 6410762 6466370 6467218 6476279 6476772 6490435

Changes incorporated in this version:

6466370 6467218 6476279 6476772

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch: 

Required Patches:

112908-24 (or greater)

Obsoleted by:
  
Files Included in this Patch: 
/usr/bin/scp
/usr/bin/sftp
/usr/bin/ssh
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-keygen
Problem Description: 
6466370 security vulnerabilities in OpenSSL may lead to DoS or code execution 
        (CVE-2006-3738,CVE-2006-4343)
6467218 fix RSA signature forgery (CVE-2006-4339)
6476279 multiple vulnerabilities in OpenSSL (CVE-2006-2937, CVE-2006-2940)
6476772 update OpenSSL version string with information about security patches included
 
(from 114356-10)
 
6490435 114356-09 needs prepatch script renamed to prePatch
 
(from 114356-09)
 
6410762 S9 SSH patch 113273-11 does not check for SUNWfns dependencies
 
(from 114356-08)
 
6402708 new ssh in Solaris 9 exits if key fingerprint cannot be found in known_host files
 
(from 114356-07)
 
6176256 S9 ssh backporting project
4406914 support draft-ietf-secsh-dh-group-exchange-01.txt
4452339 key_fingerprint needs to support md5/sha/bubblebabble output
4614979 ssh connections break after the rekey interval elapses on
4621219 sftp prints incorrect error message if connection refused
4635546 superfluous IP options check in ssh should be removed
4680230 usr/src/cmd/ssh/ssh Makefile needs to have lib dependencies
4707788 implement ClientAlive on the server side
4708846 vis in libopenbsd-compat has I18N problem
4709475 ssh and ssh-keygen: not extracted messages for localization
4710108 sshd: locale environments are not passed to shells
4710111 ssh-agent: strings 'echo' should not be extracted for localization
4711335 sshd V1 authentication behaves poorly for invalid users
4713097 sftp: word 'abormally' should be 'abnormally'
4713592 ssh & friends print incorrect error message if server breaks connection at login
4714596 request for filename option in sftp command line
4719654 ssh: localized messages should be extracted per sentence
4720595 ssh-keygen does not finish with dsa key
4733532 scp leaves connection open
4740969 cli_write() in libssh.a has a memory leak
4750989 expired passwords not working with KbdInteractiveAuthentication yes
4759759 ssh(1) doesn't terminate proxy commands on exit
4777436 ssh client should ignore signals which are already ignored
4784872 locales !=  RFC-1766 language tags
4799122 ssh doesn't use getopt(3c) (concatenated options don't work)
4811575 ssh-keygen list fails on long public key entries (base64 encoding > 1024b)
4816590 ssh in Solaris 9 doesn't forward the X11 session from 3-party software
4828467 sftp client sends directory path that causes windows interop problems
4837140 sshd sets bogus fixed path and ignores /etc/default/login
4841566 ksh limits ssh/Xauth using -X option with uid's 99 or less
4857179 ssh and password expiry do not work
4862449 SUNWssh needs a resync
4924554 resync'ed ssh cores after connect from Solaris 9 client with mixed locale setting
4925970 sshd logging extra warning messages on console
4926391 fatal_remove_cleanup() should not fatal()
4926624 ssh exits with -1 if stdin is not a terminal
4928964 sshd breaks finger
4964839 SUNWsshdr needs to remove CheckMail from sshd_config
4966521 sshd core dumps/drops connection if server has many locales
4967674 sshd sets LC_ALL and LANG to strange values
4969306 sshd dumps core on root login
4971630 ssh attempts to do exit(-1) arbitrarily when not using ptys
4971810 fix for 4406914 is incomplete - /etc/ssh/moduli is missing
4975057 ssh got smarter about proxy commands, but not enough: always prepends "exec "
4976155 ssh crashes with SEGV when connecting to Sun_SSH_1.1 (in iso_8859_1)
4976745 sshd has a small malloc problem
4977574 sshd dumps core when some clients connect
4982991 Please enter user name: prompt doesn't go away quickly enough
4990122 sshd has a(nother) malloc problem
5002100 ssh displays wrong (useless) 'Last login' date and time
5005870 sshd setsockopt SO_KEEPALIVE Invalid argument error
5006690 sshd does not pass PAM environment variables to its children
5006695 SUNWssh should support GSS-API extensions to SSHv2 (PSARC 2003/778)
5006762 sshd(1M) does not support optimistic key exchange (SSHv2)
5012765 sshd(1M) should do something about privileges (PSARC 2004/677)
5013640 sshd core dumps while trying to log messages, take 2
5014180 ssh should keep /dev/random open
5014600 ssh-add cores if the agent socket could not be opened
5014969 default X11Forwarding to yes in sshd_config (PSARC 2004/011)
5019044 sshd(1M) lets libgss spew on stderr on startup about unconfigured mechs
5020325 sftp: 'get *' coredumps
5021347 ssh commands link with -ldl, shouldn't (-z ignore masked this)
5022903 ssh(1) should support send-break extension
5023074 SUNWsshdr: /etc/ssh is not a valid temp directory during install
5025296 sshd should use closefrom() instead of a 3-to-64 close() loop
5036242 sshd(1M) should workaround KEXGSS_HOSTKEY bug in MacOS ssh(1) with GSS
5048596 ssh(1) host-based authentication should try all client host keys, not just 1st
5049660 locale problems with ssh
5054240 ssh should be more descriptive when GSS key exchange fails
5054835 sshd GSS error logic needs a little work
5058293 ssh packages do not declare dependency on GSS-API
5060425 ssh backspace not working
5060618 ssh-keysign needs to utilize privileges
5062508 GSS option names should match OpenSSH's (PSARC/2004/461)
5063375 sshd(1M) PAM svc change after pam_start() ineffective
5066767 sshd dumps core in finish_userauth_do_pam()
5076804 sshd(1M) logs successful login messages to auth.notice (and thence the console)
5082282 sshd core dumps printing usage message
5083048 accepted yes/no strings itself should be displayed
5083197 another coredump in finish_userauth_do_pam()
5088670 RFE 5062528 breaks ssh-agent (missing privileges)
5090324 session id confusion with ssh & su
5094142 sshd calls pam_chauthtok() as root, skips pw quality checks
5094528 ssh(1) core dumps in gssapi userauth
5109225 version string missing from sshd's usage message
5109404 missing whitespace in some ssh messages
5109487 language negotiation is not useful after initial key exchange
5109496 packet_set_connection() should be more careful
6181680 sshd doesn't log logouts in utmpx
6182695 sshd debug mode deadlock potential
6185726 MaxStartups now counts all concurrent sessions
5014946 add support to libgss for gss_store_cred() (PSARC 2003/779) (phase 1)
5014951 mech_krb5 needs a krb5_gss_store_cred() (PSARC 2003/779)
 
(from 114356-06)
 
5099653 scp connection that fails reports incorrect return code of 0
 
(from 114356-05)
 
4804165 scp host:/file host2:/file fails.
 
(from 114356-04)
 
4665983 long command silently truncated without error over ssh
4763864 non-interactive ssh can hang after remote command has exited
 
(from 114356-03)
 
4939055 ssh does not return standard errors
 
(from 114356-02)
 
4707786 ssh client does not fail requests for unknown channels
 
(from 114356-01)
 
4685658 /usr/bin/ssh always returns 255
Revision History: 
114356-10 114356-04 114356-06 114356-08 114356-03 114356-01 114356-05 114356-07 114356-02 
Patch Installation Instructions: 
--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.
Special Install Instructions: 
-----------------------------
 
NOTE 1:  Reboot the system after patch installation.
 
NOTE 2:  To get the complete fix for bugid 4939055 (ssh does not return
         standard errors), please also install the following patch:
 
         113273-06 (or greater)  sshd patch
 
NOTE 3:  To get the complete fix for ALL the bugids in the -07 revision
         of the patch, please also install the following patches:
 
	 117177-02 (or greater)  gssapi module patch
	 113273-11 (or greater)  sshd patch
 
NOTE 4:  To get the complete fix for multiple vulnerabilities in OpenSSL,
         please make sure to install the following patches:
 
         113273-14 (or greater)  sshd patch
         113713-24 (or greater)  pkg utilities patch
         117123-08 (or greater)  wanboot patch
         123376-01 (or greater)  bootconfchk patch

README -- Last modified date:  Tuesday, June 26, 2007








  

    
      
  
      
      

    		
  




 






     
     

     





    

        

        
            

                

                    
                        Sun support customers:
                
more support information is available after you sign in.
                		
                

                
 

                

                    »  
                
                
                    
                        
                            Login
                        
                        
                    
                
                

                

                    »  
                    Register
                

                

                    »  
                    Lost UserName/Password
                

            

        

        

        

    

     







    

    

        
Login Required

        
You must login and have a valid contract to access Sun's Premium content which includes:
        
    
            
  • Sun Alerts
    • 
            
  • Bugs
    • 
            
  • Patches
    • 
            
  • Solutions
    • 
            
  • White Papers
    • 
            
  • Documentation
    • 
            
  • Support Knowledge
    • 
        

    

    






    

    

        
Login Required

        
You must login and have a valid contract to access Sun's contracted features

    

    





    

        

            

                
                    Access Legend:
                    
(Login to access)   Sun Contracted Content
                        
(Login to access)   Sun Contracted Feature
                

            

        

    








 

 

 
Please make use of SunSolve Feedback application by selecting the floating [+] to provide feedback about this specific document.

 

 






    
        
            


            

                

                        


                        

                            
Search

                            

                                    

                                        

                                            
                                            
                                            
                                        

                                    

                                		
                            

                            
Article Details

                            
Article ID :
                                
                            114356-11
                            

                            
Article Type :
                                
                            Patch Descriptions
                            

                            
Last reviewed :
                                
                            2007-06-26
                            

                            
Audience :
                                
                            PUBLIC
                            

                            
Keywords :
                                
                            security tcp/ip session terminates openssh ssh client
                            

                            
Provide feedback  (help) 

                            
Page Tools

                            
»  Print This Page

                            
»  Email This Article

                            
»  Bookmark This Article

        
                        


                        

                    

            
        
    







    

        
            

                
Security Support


                

                    »  
                    Security Center
                

                

                    »  
                    Report Security Vulnerabilities
                


                

                    »  
                    Security PGP Key
                


                

                    »  
                    Sun Alert Notifications - RSS Feeds
                


                

                    »  
                    Sun Alert Notifications - eNewsletter
                


                

                    »  
                    Solaris Fingerprint Database
                

            

        		
    



 








    

        
            

                
SunSolve Navigation

                

                    »  
                    Forums for contracted customers
                

                

                    »  
                    Licenses
                

               

                    »  
                    Log a Service Request
                

                

                    »  
                    Patches and Updates
                

                

                    »  
                    Product Download Center
                

                

                    »  
                    SunSystem Handbook
                

                
»  
                    SunSolve Japan
                

            

        		
    









    

        
            

                
SunSolve Feedback, Help and Updates

                

                    »  
                    Blog
                

                

                    »  
                    Community
                

                

                    »  
                    Feedback
                

                

                    »  
                    Help
                

                

                    »  
                    Learn about SunSolve
                

                

                    »  
                    Twitter
                

            

        		
    








     
     







   
   







     












About Oracle |
Oracle and Sun |
 Oracle RSS Feeds |
Subscribe |
Careers |
Contact Us |
Site Maps |
Legal Notices |
Terms of Use |
Your Privacy Rights |
Copyright  © 2010, Oracle Corporation and/or its affiliates
| SunSolve Version 7.4.2 #1