My Oracle Support Banner

Web Server Updates for Secure Global Desktop 5.3 (Doc ID 2260412.1)

Last updated on FEBRUARY 01, 2019

Applies to:

Oracle Secure Global Desktop - Version 5.3 to 5.3 [Release 5.0]
Information in this document applies to any platform.

Details

Please Note: This version of Secure Global Desktop has been superseded by one of more subsequent product releases, and is scheduled to reach the end of it's Premier Support life in October, 2018.   After this date, previously published patches will continue to be available to customers with active support contracts, but there will be no further scheduled maintenance updates.

Please see the Secure Global Desktop Release Announcement Reference for the latest information regarding SGD releases, and a matrix of available patches for any supported version of the product.

 

Web Server Updates

Patches of this type are intended to update the third party components that are bundled and shipped with Secure Global Desktop as the SGD Web Services stack, and may include new versions Apache's HTTPd Server, OpenSSL, and the Tomcat Servlet Container.  These patches are available to customers with a valid Customer Support Identifier with named support for the Secure Global Desktop product.

These patches are valid for the core component of SGD 5.3 only; updates for Web Server components within the SGD Gateway are delivered within scheduled Patch Set Updates.

Please Note: There are other patches available for SGD 5.3, including JVM and Patch Set Updates. For details on these and more, please see the Secure Global Desktop Release Announcement Reference. The RAR always includes the latest information regarding SGD releases, and a matrix of all available patches for any supported version of the product.

 

July 2018

The July 2018 Web Server update for SGD 5.3 is now available for download from within My Oracle Support.  This is the latest tested—and fully supported—web server update for Secure Global Desktop, 5.3.  

Included Components

Component Version Package
Apache HTTP Server   2.2.34   apache-2.2.34_openssl-1.0.2o_jk1.2.42_64
OpenSSL   1.0.2o  
mod_jk   1.2.42  
Apache Tomcat Servlet Container   7.0.85   tomcat-7.0.85

Bug Fixes

The following table is intended as a high-level reference for the updates included in this patch.

Bugs fixed within April 2018 WS Update
28109995 PROBLEM WITH TOMCAT:
CVE-2018-1305
27829819 PROBLEM WITH OPENSSL:
CVE-2018-0739 CVE-2018-0733 CVE-2017-3738

Additional details regarding the solutions included within this update may be found within the README that is bundled directly with the update.


Previous Release Reference

The patches outlined below are included here for reference, but have been superseded by a later release.  The Desktop Virtualization team strongly recommends running the latest available patchset, but does recognize that it is sometimes necessary for enterprise customers to run explicitly certified component versions.  Details regard earlier releases are available below.

April 2018

The following third party components were bundled within this update.

Component Version Package
Apache HTTP Server   2.2.34   apache-2.2.34_openssl-1.0.2n_jk1.2.42_64
OpenSSL   1.0.2n  
mod_jk   1.2.42  
Apache Tomcat Servlet Container   7.0.82   tomcat-7.0.82

Additional details regarding this update may be found within the README that is bundled directly with the update.

Bugs fixed within April 2018 WS Update
27631038 REMOVE SOPAMONITORSERVICE SERVLET DEFINITION FROM WEB.XML
27638959 PROBLEM WITH OPENSSL:
CVE-2017-3737 CVE-2017-3738

 

January 2018

The following third party components were bundled within this update.

Component Version Package
Apache HTTP Server   2.2.34   apache-2.2.34_openssl-1.0.2m_jk1.2.42_64
OpenSSL   1.0.2m  
mod_jk   1.2.42  
Apache Tomcat Servlet Container   7.0.82   tomcat-7.0.82

Additional details regarding  this update may be found within the README that is bundled directly with the update.

Bugs fixed within January 2018 WS Update
27293887 PROBLEM WITH APACHE WEBSERVER:
CVE-2017-9798
27293849 UPDATE TOMCAT WEBSERVER TO 7.0.82
27186726 PROBLEM WITH OPENSSL:
CVE-2017-3735 CVE-2017-3736

 

August 2017

The August 2017 Web Server Update required the previous installation of the April 2017 Web Server Update.

The following third party components were bundled within this update.

Component Version Package
Apache HTTP Server   2.2.34   apache-2.2.34_openssl-1.0.2k_jk1.2.42_64
OpenSSL   1.0.2k  
mod_jk   1.2.42  

Additional details regarding this update may be found within the README that was bundled directly with the patch.

Bugs fixed within Aug 2017 WS Update
26364849
26533250
PROBLEM WITH APACHE WEBSERVER
CVE-2017-3167 CVE-2017-3169 CVE-2017-7659 CVE-2017-7668 CVE-2017-7679
CVE-2017-9788

 

April 2017

The following third party components were bundled within this update.

Component Version Package
Apache HTTP Server   2.2.32   apache-2.2.3_openssl-1.0.2k_jk1.2.42_64
OpenSSL   1.0.2k  
mod_jk   1.2.42  
Apache Tomcat Servlet Container   7.0.75   tomcat-7.0.75

Additional details regarding this update may be found within the README that is bundled directly with the patch.

Bugs fixed within April 2017 WS Update
25604840 DO NOT DISPLAY TOMCAT SERVER IDENTITY
25469971 PROBLEM WITH APACHE WEBSERVER:
CVE-2016-8743
25231171
25027853
PROBLEM WITH TOMCAT WEBSERVER:
CVE-2016-0762 CVE-2016-5018 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797
CVE-2016-6816 CVE-2016-6817 CVE-2016-8735

 

 

Actions

Download the desired Web Server Update

PatchNames / Aliases
[28127848] Jul 2018 Web Server Update for SGD 5.3   |  SGD 53wsu5
 27806993 Apr 2018 Web Server Update for SGD 5.3  |  SGD 53wsu4
 27294527 Jan 2018 Web Server Update for SGD 5.3  |  SGD 53wsu3
 26569997 Aug 2017 Web Server Update for SGD 5.3 |  SGD 53wsu2
 25800254 Apr  2017 Web Server Update for SGD 5.3 |  SGD 53wsu1

These patch clusters are available to contracted customers as Oracle Patches.  These patches may be downloaded using the links above, or from the My Oracle Support (MOS) Portal directly, by connecting to https://support.oracle.com with an internet browser.

  1. Authenticate with the portal using existing MOS credentials.
  2. Select the Patches and Updates tab.
  3. In the Patch Search tab, search by "Number / Name."
  4. Update the value for Patch Name or Number is to the relevant Patch ID above.
  5. Click the Search button.
  6. Select the appropriate installation platform from the available options, and schedule a download.

Verification

Before attempting to install any update in a production environment, it must be extracted from the download archive, which will implicitly verify the structural integrity.

To do so:

  1. Save the WS Update package downloaded from MOS to the /tmp directory on every SGD host where it is to be applied.
  2. Expand the zip archive, to prepare the WS Update for installation.

    For example:

Contacts

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Details
 Web Server Updates
 July 2018
 Included Components
 Bug Fixes
 Previous Release Reference
 April 2018
 January 2018
 August 2017
 April 2017
Actions
 Download the desired Web Server Update
 Verification
 Installation
 Back-out
Contacts
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.