My Oracle Support Banner

Patch Set Updates for Secure Global Desktop 5.2 (Doc ID 2012596.1)

Last updated on OCTOBER 30, 2018

Applies to:

Oracle Secure Global Desktop - Version 5.2 to 5.2 [Release 5.0]
Information in this document applies to any platform.

Details

Please Note:  This version of Secure Global Desktop has been superseded by one or more subsequent product releases, and reached the end of its Premier Support life in July 2017.  Previously published patches will continue to be available to customers with active support contracts, but there are no further scheduled maintenance updates for this legacy platform. 

Please see the Secure Global Desktop Release Announcement Reference for the latest information regarding SGD releases, and a matrix of available patches for any supported version of the product. 

 

Patch Set Updates

Patch Set Updates (PSUs) are clusters of recommended stability, security, and/or performance patches that have been certified for an existing maintenance release of SGD.   Patch Set Updates use the integrated Secure Global Desktop Patch Mechanism, and are available to customers with a valid Customer Support Identifier with named support for the Secure Global Desktop product.

PSUs may update many specific components of SGD.  After application, updated components may report a different SGD version, when compared to components which have not been updated.

Please Note: There are other patches available for SGD 5.2, including JVM and SGD Web Server updates.  For information on these, and more, please see the Secure Global Desktop Release Announcement Reference.  The RAR always includes the latest information regarding SGD releases, and a matrix of all available patches for any supported version of the product. 

 

Quick Reference

This is a high level index of the available Patch Set Updates for Secure Global Desktop 5.2.  Please see the relevant sections below for additional information regarding these patches.

Release DatePatch IDPrerequisitesComments
Apr 2017 [25764545] SGD 5.2 Strategic maintenance roll-up, includes important stability fixes for SGD.
Additional Details
Feb 2017 25451912 SGD 5.2 Note: This patch has been superseded by the April 2017 Comprehensive PSU
Reference Information
Oct 2016 24823967 SGD 5.2 Note: This patch has been superseded by the February 2017 Comprehensive PSU
Reference Information
Jul 2016 23590581 SGD 5.2 Note: This patch has been superseded by the October 2016 Comprehensive PSU
Reference Information
Apr 2016 22925265 SGD 5.2 Note: This patch has been superseded by the July 2016 Comprehensive PSU
Added new platform support for Microsoft Windows 10, Oracle Linux 7.
Reference Information
Jan 2016 22195585 SGD 5.2 Note: This patch has been superseded by the April 2016 Comprehensive PSU
Reference Information
Oct 2015 21620479 SGD 5.2 Note: This patch has been superseded by the January 2016 Comprehensive PSU
Key Updates: Included a new  SGD client for Mac OS X, Support for Java Web Start.
Reference Information
July 2015  21263161 SGD 5.2 Note: This patch has been superseded by the October 2015 Comprehensive PSU.
Reference Information
May 2015  21090812 SGD 5.2 Note: This patch has been superseded by the July 2015 Comprehensive PSU.
Reference Information

 

The April 2017 PSU

The April 2017 PSU for Oracle Secure Global Desktop 5.2 (52p9) is a maintenance patch roll-up that includes important stability and security updates for SGD 5.2. This PSU is a comprehensive update: in addition to the new fixes outlined below, it also includes all of the solutions previously delivered within previously delivered patch roll-ups: 52p8, 52p7, 52p6, 52p5, 52p4, 52p3, 52p2 and 52p1.

Administrators are encouraged to test this update thoroughly prior to rolling into production, and to forward any questions to Oracle's Desktop Virtualization team.

Note: After applying this update, the version of the SGD client presented to incoming users should be 5.20.963.  In some circumstances, this component may not be updated correctly.  For additional details regarding this uncommon scenario—and the recommended solution—please see <Document 2266290.1> .

This PSU includes updated X11 libraries from X.org, as well as the following third party components:

ComponentSGD 5.25.2 + Apr 2017 PSU
OpenSSL 1.0.1l 1.0.2k
cURL 7.47.1 7.53.1
Bug Fixes

The following table is intended as a high-level reference for the latest critical updates included in this patch.  This comprehensive update also includes all bugs fixed in earlier PSUs for SGD 5.2

Bugs Fixed within SGD 52p9
25657638 ALTGR MODIFIER (ISO_LEVEL3_SHIFT) CAN BE LEFT ON IN SOME CIRCUMSTANCES
25605479 CANNOT SELECT WITH MOUSE WHEN APPLICATION ACCELERATE HW IS ACTIVATED
25573713 UNTRUSTED INITIAL CONNECTION WARNINGS: CANNOT SEE CERTIFICATE ON MAC CLIENT
25552755 ESC: NUMLOCK AND FUNCTION KEY ISSUES ON MAC CLIENT
25527751 UID SEARCH IN ADMIN CONSOLE TIMES OUT
25495928
24749679
PROBLEM WITH OPENSSL:
CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181
CVE-2016-2182 CVE-2016-2183 CVE-2016-6302 CVE-2016-6303 CVE-2016-6304
CVE-2016-6305 CVE-2016-6306 CVE-2016-6307 CVE-2016-6308 CVE-2016-7055
CVE-2017-3730 CVE-2017-3731 CVE-2017-3732
25495757 ESC: MIDDLE MOUSE BUTTON PROBLEM WHEN USING MAC CLIENT
25478633 ESC: CAPSLOCK STATE LOST WITH WINDOW FOCUS ON MAC CLIENT
25424981 ESC: SGD DOES NOT CHECK AVAILABILITY OF APPLICATION SERVERS
25357947
24407529
23569918
PROBLEM WITH LIBCURL:
CVE-2016-3739 CVE-2016-4802 CVE-2016-5419 CVE-2016-5420 CVE-2016-5421
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619
CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624
CVE-2016-8625
24816338 PROBLEM WITH X11:
CVE-2016-5407

Note: Formal details regarding the defects resolved within this patchset may be found within the README that is bundled with the update.

 

Previous Release Reference

Patch Set Updates for Secure Global Desktop 5.2 are cumulative; each update comprehensively includes the previously delivered fixes.   For reference, the fixes outlined below are attributed to their original delivery mechanism, but are comprehensively included within the latest release.

The February 2017 PSU

The following table is intended as a high-level reference for the latest critical updates included in this patch:

Bugs Fixed within SGD 52p8
24509934 ESC: NO RESPONSE FROM SGD SERVER HAPPENS CONTINUOUSLY
24810198 ESC [CA]: VISUAL ARTIFACTS DISPLAYED WHEN MOVING DIALOG WINDOW
24810233 ESC [CA]: GLX-TYPE ISSUE IN CONNECTION WITH APP AND SGD
24916944 ESC [CA] - COPY RECTANGLE MENU OPTION HANGS TCC.EXE
22993268 ESC: CURSOR FOCUS LOST WHEN APP LAUNCHED IN SWM MODE
25064014 ESC [CA]: APPLICATION CRASH WHEN USING CLIENT WINDOW MANAGEMENT
25143467 ESC [CA] - POOR EMULATION PERFORMANCE ON DUAL-DISPLAY CLIENTS AFTER 5.2P7
25176716 ESC [CA]: SGD SESSION GRABBING PROBLEM WHEN USING CHROMEBOOKS
25305736 ESC [CA]: THE VARIABLE TTA_NAME_RELEASE APPEARS TO CONTAIN TRAILING CHARACTERS.
25359979 ESC [CA]: KEYBOARD INPUT PROBLEM AFTER USING CROSH SHELL

Note: Formal details regarding the defects resolved within this patchset may be found within the README that is bundled with the update.


The October 2016 PSU
This update includes a change in MESA support, intended to better align functionality of the 3D libraries with the X11 server bundled with SGD 5.2. This is an important stability enhancement, but one that may alter the behavior of some OpenGL applications. As always, Administrators are encouraged to test this update thoroughly prior to rolling into production, and to forward any questions to Oracle's Desktop Virtualization team.

The following table is intended as a high-level reference for the latest critical updates included in this patch:

Bugs Fixed within SGD 52p7
23750968 ESC: SGD 5.2P5 - ATTEMPTS TO CONNECT VIA HTTPS PROXY RESULT IN EXIT OF WIN TCC
24293771 ESC: X APPLICATION FREEZES ISSUE IN SGD 5.2
24325607 JVM PATCH REMOVE SCRIPT NEEDS TO HANDLE VERSION NUMBERS GREATER THAN 100 [5.2]
24381216 ESC:USERS CAN'T LOGIN WITH LOADING PAGE AND SGD BECOMES NOT ACCEPTING CONNECTION
24409426 ESC: LAUNCHES FAIL WITH ERRLAUNCHPOLICYNOTFOUND ERROR MESSAGE 5.2P2 RH LINUX
24561724 ESC: TTAXPE CRASHES WHEN TRYING TO START ABAQUS APPLICATION
24606330 ESC : 403 ERROR WHEN ACCESSING SGD WITH IE11
24711228 ESC - H5C DISPLAYS INTERNAL SERVER NAME AS PART OF THE CONNECTION URL.
23666618 Fix for Bug 23666618

Note: Formal details regarding the defects resolved within this patchset may be found within the README that is bundled with the update.

 

The July 2016 PSU

The following third party components were updated within SGD 52p6

ComponentSGD 5.2SGD 5.2 + Jul 2016 PSU
OpenSSL 1.0.1l 1.0.2h

Formal details regarding the defects resolved within this patchset may be found within the README that is bundled with the update.

Bugs Fixed within SGD 52p6
23524171 CLIENT WINDOW MANAGED MODAL DIALOG CAN LEAVE PARENT WINDOW DISABLED
23346069 SEAMLESS WINDOW MANAGED DRAG WINDOW STATE IS NOT CLEARED IF WINDOW IS DELETED
23344955 SEAMLESS WINDOW MANAGED WINDOW JUMPS ERRATICALLY DURING FULL-WINDOW DRAG
23188459 ARTIFACTS ON CLIENT SIDE WINDOW MANAGER DECORATION WITH PSU5
22993311 UNABLE TO QUICKLY DRAG CHROME WINDOW IN SEAMLESS WINDOW MANAGED MODE
22993268 CURSOR FOCUS LOST WHEN APP LAUNCHED IN SEAMLESS WINDOW MANAGED MODE
22993211 UNABLE TO TYPE IN PARENT WINDOWS WHEN CHILD WINDOW IS MINIMIZED
23228325 UPDATE TO OPENSSL 1.0.2H
CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176


 

The April 2016 PSU
Note: Shortly after release, our team identified a condition wherein application windows may not close properly, leaving screen artifacts on client displays after the Installation of PSU 5.  A solution to this problem was made available at the time as a 'hotfix patch,' to be installed in parallel with PSU 5.  That solution has since been integrated within PSU 6, which supersedes this release. 

For reference information about this issue, please see <Document 2134978.1>.

The following third party components were updated within SGD 52p5

ComponentSGD 5.2SGD 5.2 + Apr 2016 PSU
OpenSSL 1.0.1l 1.0.2g

Formal details regarding ALL the defects resolved within this patchset may be found within the README that is bundled with the update.  

Bugs Fixed within SGD 52p5
22965911 THIRD TIER WINDOWS SMARTCARD AUTHENTICATION FAILS THROUGH UBUNTU
22956900 ADD LOGIC TO WCPWTS.EXP TO SET NAME PARAMETER TO CLIENT IP ADDRESS
22932175 REMOVE SUPPORT FOR RC4
22858532 ESC: QT APP WITH DOCKWIDGETS CRASHES WHEN MOVING FRAMES AND USING CWM
22844333 AUDIT LOGGING CAN BE UNRELIABLE
22810261 IMPROVE DEBUG FOR SINGLE SIGN-ON
22733119 UPDATE TO LIBXCB 1.9
22699928 ABILITY TO RUN APPLICATIONS WITH INCOMPATIBLE XPE CONFIGURATIONS
22680730 WEBSOCKET EVENTS MECHANISM IS BROKEN IN FIREFOX 43.0 ON LINUX
22653687 SYNCHRONIZATION AND USER DRIVEN CHANGES CAN OCCUR SIMULTANEOUSLY
22597410 REMOTE GEDIT CRASHES WHEN PASTING TEXT FROM OTHER REMOTE GEDIT USING WINDOWS
22578814 CORRUPT PREFERENCE FILES CAN CAUSE JSERVER TO EXIT
22497920 ESC: TRUNCATION WHEN COPYING A CELL FROM LOCAL TO REMOTE MICROSOFT OFFICE 2010 EXCEL
22491010 RESET TARANTELLA-CONFIG-XPECONFIG-CLIPBOARD-TARGETS-NODEAL SETTING
22478519 ESC: JSERVER/TOMCAT HEAP EXHAUSTED ALONG WITH TTAAUXSERV SEGFAULTS
20928421 ER: ALLOW X SESSION TO TERMINATE WHILST SELECTED CLIENTS ARE STILL ACTIVE
22691525
22357914
22357809
22354899
UPDATE TO OPENSSL 1.0.2G
The January 2016 PSU

New functionality includes support for:

Formal details regarding ALL the defects resolved within this patchset may be found within the README that is bundled with the update.  

Bugs Fixed within SGD 52p4
22377433 MYDESKTOP FAILS IF SGD CLIENT IS STARTED FIRST
22333275 INCORRECT PERMISSIONS ON WEB APPLICATION THIN/TCC DIRECTORY CREATED IN 5.2P3
22330219 APPLICATION IN TWO GROUPS WILL LAUNCH FROM ONLY ONE GROUP
22314161 CONFIG_INSTALL FAILS TO COMPLETE IF VAR/RSA/RSA_SAMPLE.PROPERTIES IS MISSING
22284575 WEBSOCKET CLOSE IS NOT HANDLED CORRECTLY IN PROXYSERVER/SSL DAEMON
22279464 ADD RIA ATTRIBUTE "APPLICATION-NAME" TO CLIENT JAR MANIFEST
22276174 SGD SERVER CANNOT ESTABLISH PEM CONNECTION WHEN HOSTNAME IS INVALID
22231766 RFE: INCLUDE SESSIONID IN THE START/END SESSION AUDIT INFORMATION
22230323 ESC: SOAP ERROR - INVALID XML CHARACTER
22225328 ESC: WINDOWS 7 CLIENT CRASHES AFTER LOGIN WHEN LAUNCHED FROM START MENU
22141141 WINDOWS 10 APPLICATION SERVER: AUDIO STOPS WORKING IF THE PLAYER IS CLOSED AND REOPENED.
22126372 UNABLE TO LOG IN TO SGD AFTER A BLANK STRING IS SENT OVER A WEBSOCKET CONNECTION
22018512 ESC: CELL BORDER NOT HIGHLIGHTED WHEN USING HTML5 CLIENT WITH MICROSOFT EXCEL
22018495 ESC: CARET/TEXT CURSOR NOT DISPLAYED WHEN USING HTML5 CLIENT WITH MICROSOFT WORD
21923040 HTML5 USER INTERFACE DOES NOT WORK CORRECTLY IN INTERNET EXPLORER 11 AND FIREFOX BROWSERS
21690615 CMD+Q CAUSES NEW MAC CLIENT TO QUIT WITHOUT PROMPT
21656537 GNOME TERMINAL LAUNCH FAILS ON ORACLE LINUX 7 APPLICATION SERVER
21612761 BLANK SCREEN WHEN RETURNING TO THIN WEBTOP AFTER SGD CLIENT HAS CLOSED DOWN
21527052 ESC: SHIFT KEY ON FRENCH KEYBOARD DOES NOT BEHAVE AS EXPECTED
21450538 PROBLEMS WITH OPENSSL: CVE-2015-1788 CVE-2015-1791 CVE-2015-4000
21105610 ORACLE LINUX 7 SUPPORT FOR SGD APPLICATION SERVERS
The October 2015 PSU

New functionality includes:

Formal details regarding ALL the defects resolved within this patchset may be found within the README that is bundled with the update.  

Bugs Fixed within SGD 52p3
21930549 ESC: SGD CLIENT FAILS TO START IF UNDERSCORE IN WINDOWS USERNAME
21783913 JNLP-BASED WEB START LOGIN FAILS VIA PROXY
21776730 KIOSK ESCAPE MENU IS MISSING WHEN LAUNCHING APPLICATION TO SECONDARY MONITOR
21698901 SGD CLIENT EXITS OR REPORTS UNTRUSTED CONNECTION AFTER INSTALL OF NEW SSL CERTIFICATE
21698461 REVISE CLIENT JAR SUFFIXES FOR 5.2P3 PATCH
21627685 CLIENT CONNECTED CHECK DOES NOT HANDLE HTTP ERRORS APPROPRIATELY
21568907 THIN WEBTOP WELCOME.JSP FILE ADDED IN 5.2P2HF1 HAS STRANGE FILE OWNERSHIP
21568874 REMOVING PATCH 5.2P2HF1 FROM SERVER REMOVES THIN WEBTOP WELCOME.JSP PAGE
21531537 LOGIN DIALOG BOX SHOWS UNKNOWN CHARACTERS WITH GERMAN LANGUAGE
21507756 INCORRECT PASSWORD CACHE ENTRY FOR APPLICATION LAUNCH WITH MULTIPLE HOSTING SERVERS
21471895 WEBSERVER ADD_TRUSTED_USER USES INCORRECT PATH FOR JRE
21294732 NO ERROR ON ENTERING A MATCHING ACTIVE DIRECTORY PASSWORD THAT IS BELOW THE MINIMUM LENGTH
21244194 SEARCHING FOR PRINT JOBS CAN TRIGGER LOOKUPS TO THE PROTOCOL ENGINE MANAGER
21135425 FIREFOX FAILS TO OPEN WHEN LAUNCHING THE SGD CLIENT MANUALLY
20735688 CLASSROOM SHADOWING DOES NOT WORK OVER TELNET
20679560 SGD CLIENT WITH CORRECT PERMISSIONS DOES NOT USE SUN RAY LICENSE STORE
20644473 TOGGLING KIOSK-TO-IWM-TO-KIOSK WITH RANDR ON MAC OS X INCORRECTLY SIZES THE WINDOW
17559489 SGD CLIENT FAILS TO RUN FROM JAVA HELPER ON MAC OS X 10.9
14223876 ERROR ON TRYING TO OPEN A WORD FILE IN MAPPED DRIVE OF WINDOWS APPLICATION ON UBUNTU CLIENT
12294596 COPY AND PASTE FROM WINDOWS SESSION TO SGD APPLICATION AUTHENTICATION PROMPT HANGS

 

The July 2015 PSU

The following third party components were updated within this PSU:

ComponentSGD 5.2
SGD 5.2 + July 2015 PSU
OpenSSL 1.0.1l 1.0.1m

Formal details regarding ALL the defects resolved within this patchset may be found within the README that is bundled with the update.

Bugs Fixed within SGD 52p2
21376004 UNABLE TO RESUME APPLICATION SESSIONS AFTER VPN TIMEOUT AND RECONNECT
21370406 PROBLEMS WITH KERBEROS LIBRARIES: CVE-2010-1323 CVE-2010-1324 CVE-2010-4020
21296970 A NEW TTAXPE CAN BE LAUNCHED WITH EVERY APPLICATION
21296329 SERVER DOES NOT RESET THE PAM FAILED LOGIN COUNTER
21215134 UPDATING ACTIVE DIRECTORY PASSWORDS SOMETIMES FAILS
21179667 PROBLEM WITH THE SGD SERVER:  CVE-2015-2581
20944540 REMOVING WEBSERVER PATCH DOES NOT UPDATE STATE OF PREVIOUS PATCH
20736742 PROBLEMS WITH OPENSSL: CVE-2015-0286 CVE-2015-0287 CVE-2015-0289
20729181 EXTEND CERTIFICATE VERIFICATION
20676872 AFTER FAILED PATCH ADD SUBSEQUENT PATCH ADD DISPLAYS MKDIR ERROR

 

The May 2015 PSU

Additional details regarding the bugs resolved within this patchset may be found within the README that is bundled with the update.

Bugs Fixed within SGD 52p1
20978819 FAILED TO CREATE SERVICE OBJECT WHEN SPACES EMBEDDED IN DN
20865767 INCORPORATE 5.1 KEYBOARD ESCALATIONS IN 5.2
20755764 INCORRECT LOCK HANDLING BY SYNCHRONISER
20713035 PROBLEMS WITH X SERVER:
CVE-2015-1802 CVE-2015-1803 CVE-2015-1804 CVE-2015-0255 CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102
20645224 PROBLEM WITH LEFT MOUSE BUTTON SELECT TECHNIQUE TO COPY FROM DTTERM
20645205 COPY AND PASTE FAILS SILENTLY IN ONE DIRECTION TO ONE APPLICATION
20235549 ESC - EXPECT DOES NOT ACCEPT "-FINAL" PARAMETER ON VMS.EXP

 

Actions

Download the Appropriate Patch Set Update

PatchNames / Aliases
[25764545] Patchset 9  |  Apr 2017 Patch Set Update for SGD 5.2  |  SGD 52p9
 25451912 Patchset 8  |  Feb 2017 Patch Set Update for SGD 5.2  |  SGD 52p8
 24823967 Patchset 7  |  Oct 2016 Patch Set Update for SGD 5.2  |  SGD 52p7
 23590581 Patchset 6  |  Jul 2016 Patch Set Update for SGD 5.2  |  SGD 52p6
 22925265 Patchset 5  |  Apr 2016 Patch Set Update for SGD 5.2  |  SGD 52p5
 22195585 Patchset 4  |  Jan 2016 Patch Set Update for SGD 5.2  |  SGD 52p4
 21620479 Patchset 3  |  Oct 2015 Patch Set Update for SGD 5.2  |  SGD 52p3
 21263161 Patchset 2  |  Jul 2015 Patch Set Update for SGD 5.2  |  SGD 52p2
 21090812 Patchset 1  |  May 2015 Patch Set Update for SGD 5.2  |  SGD 52p1

These patch clusters are available to contracted customers as Oracle Patches.  These patches may be downloaded using the links above, or from the My Oracle Support (MOS) Portal directly, by connecting to https://support.oracle.com with an internet browser.

  1. Authenticate with the portal using existing MOS credentials.
  2. Select the Patches and Updates tab.
  3. In the Patch Search tab, search by "Number / Name."
  4. Update the value for Patch Name or Number is to the revelant Patch ID above.
  5. Click the Search button.
  6. Select the appropriate installation platform from the available options, and schedule a download.

 

Verification

Before attempting to install any update in a production environment, it must be extracted from the download archive, which will implicitly verify the structural integrity. 

To do so:

  1. Save the PSU downloaded from MOS (i.e. p22925265_52000_SOLARIS64.zip) to the '/tmp' directory on every host machine where Secure Global Desktop has been installed.
  2. Expand the zip archive, to prepare the PSU for installation.

    Example:
     

Contacts

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Details
 Patch Set Updates
 Quick Reference
 The April 2017 PSU
 Bug Fixes
 Previous Release Reference
 The February 2017 PSU
 The October 2016 PSU
 The July 2016 PSU
 The April 2016 PSU
 The January 2016 PSU
 The October 2015 PSU
 The July 2015 PSU
 The May 2015 PSU
Actions
 Download the Appropriate Patch Set Update
 Verification
 Installation
 Back-out
Contacts
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.