My Oracle Support Banner

Patch Set Updates for Secure Global Desktop 5.4 (Doc ID 2423648.1)

Last updated on JULY 09, 2019

Applies to:

Oracle Secure Global Desktop - Version 5.4 to 5.4 [Release 5.0]
Information in this document applies to any platform.

Details

Patch Set Updates

Patch Set Updates (PSUs) are clusters of recommended stability, security, and/or performance patches that have been certified for an existing maintenance release of SGD.   Patch Set Updates use the integrated Secure Global Desktop Patch Mechanism, and are available to customers with a valid Customer Support Identifier with named support for the Secure Global Desktop product.

PSUs may update many specific components of SGD.  After application, updated components may report a different SGD version, when compared to components which have not been updated.

Please Note: There are other patches available for SGD 5.4, including JVM and SGD Web Server updates.  For information on these, and more, please see the Secure Global Desktop Release Announcement Reference.  The SGD RAR always includes the latest information regarding SGD releases, and a matrix of all available patches for any supported version of the product.

Quick Reference

This is a high level index of the available Patch Set Updates for Secure Global Desktop 5.4.  Please see the relevant sections below for additional information regarding these patches.

Release Date Patch ID Prerequisites Comments
Jul 2019 [29966315] SGD 5.4 Important security and stability fixes for SGD 5.4. 
Includes updated client components, and SGD Enhancement Module.
Additional Details
Apr 2019  29608663 SGD 5.4 Superseded by the Jul 2019 CPU
Reference Information
Jan 2019  29204564 SGD 5.4 Superseded by the Apr 2019 CPU
Reference Information
Oct 2018  28643693 SGD 5.4 Introduced 64Bit client for MacOS, new health check functionality for SGD via ticker.jsp. Superseded by the Jan 2019 CPU
Reference Information
Jul 2018  28127874 SGD 5.4 Superseded by the Oct 2018 CPU
Reference Information

 

July 2019 PSU

The Jul 2019 PSU for Oracle Secure Global Desktop 5.4 (54p5) is a maintenance roll-up that includes important security and stability updates for SGD 5.4. This PSU may be applied directly to a fresh install, or over a previously patched system using the tarantella patch add command.

Administrators are encouraged to test this update thoroughly prior to rolling into production, and to forward any questions to Oracle's Desktop Virtualization team.

This comprehensive PSU introduces the following changes:

Third Party Updates

There are no new updates to bundled third party components that have been introduced within this release.  However, as a cumulative maintenance update for SGD 5.4, this update will include the latest component updates that were introduced in earlier patches.  Administrators are advised to review change notices for earlier updates, documented below.

Bug Fixes

The following table is intended as a high-level reference for critical updates included within this patch.   
This table extends the named list of solutions delivered within preceding patch roll-ups.

Bugs fixed within SGD 54p5
29965722 POTENTIAL DELAY READING DATA IN THE SSL DAEMON
29965629 CONNECTIVITY ISSUES WITH NGINX AND WTSS 
See notice below regarding SGD Client updates.
29965590 USER IS PROMPTED TWICE ALTHOUGH CREDENTIALS ARE CORRECT THE FIRST TIME
29871708 ESC - CREDENTIALS REJECTED WHEN USER PASSWORD CONTAINS A BACKSLASH
29787180 ESC - SETTING UMASK TO 077 AND PSU3 MAKES LOGIN IMPOSSIBLE IN SGD 5.4
29754439 AVOID LIMIT ON MAXIMUM LENGTH OF THE COLOCATED GATEWAY BALANCERMEMBER URL
29671120 ESC - TCC CLIENT DOES NOT ADJUST PROPERLY WHEN SCREEN RESOLUTION IS CHANGED
See notice below regarding SGD Client updates.
29667407 ESC - SEAMLESS APPLICATIONS REFUSE TO COME TO FOREGROUND USING ICONS IN TASK TRAY
See notice below regarding Enhancement Module updates.
29662786 TARANTELLA GATEWAY ADD REQUIRES RESTART OF ARRAY MEMBER
29516827 TARANTELLA ROLE LIST BROKEN
29488773 ESC - RESUME/LAUNCH FAILURES AFTER NETWORK SWITCH AND RELAUNCH OF TCC
See notice below regarding SGD Client updates.
29454130 OL7 TTATCC HANGS WHEN SAVING PROXY CREDENTIALS
29395039 UNABLE TO MINIMIZE WINAMP APPLICATION IN SWM MODE
See notice below regarding Enhancement Module updates.
29211934 ESC - SGD 54P2 SOME USERS LOSE ALL SESSIONS OCCASIONALLY
28993813 ESC - WINDOW OF X APPLICATION IS DRAWN CORRECT SIZE, BUT IS OFF-CENTER IN MULTI-DISPLAY CLIENT
28981332 APPLICATION FAILS TO LAUNCH AFTER PASSWORD EXPIRY
27765960 CANNOT DELETE ALL SSH KEY FILES FROM THE AUTHENTICATION DIALOG
27049232 TCC CRASHES DURING MANUAL LAUNCH IF URL IS BRIEF
24802061 ESC - WINDOWS SERVER 2016 SWM APPLICATIONS DISPLAYED WITH WIDE BLACK BORDER
See notice below regarding Enhancement Module updates.

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

Notice regarding SGD Client Updates

There are new SGD Clients included within this PSU.  Users who connect with the "installed" client modality may need to upgrade any previously installed SGD Client software in order to take advantages of these updates.  New users will automatically be directed to the latest available client components.

Additional details regarding the new "Installed" client modality may be found within the following articles:

 >  (Doc ID 2380456.1) - Using the Client Options Menu to Select Client Types in Secure Global Desktop 5.4
 >  (Doc ID 2399198.1) - SGD 5.4 Client Support Policy

 

Notice regarding Enhancement Module Updates

There are updates to the Enhancement Module for Windows included within this PSU.  Administrators who have previously installed this optional component on Windows Application servers will need to upgrade the Enhancement Module in order to take advantage of the fixes added within this release.  

Additional details regarding Enhancement Modules can be found within the Enhancement Module Administration Guide, published within the SGD Documentation Library.



Previous Release Reference

Patch Set Updates for Secure Global Desktop 5.4 are cumulative; each maintenance update includes the previously delivered fixes.  For easy reference, the fixes outlined below are attributed to their original delivery mechanism, but are comprehensively included within the latest release.

April 2019 PSU

This PSU updated the following third party components:

Component SGD 5.4 5.4 + Apr 2019 PSU
OpenSSL 1.0.2n 1.0.2r
libCurl 7.58.0 7.64.0

The following table is intended as a high-level reference for critical updates included within this patch.  
This table extends the named list of solutions delivered within preceding patch roll-ups.

Bugs fixed within SGD 54p4
29514051 X-SERVER CRASHES
29502442 WINDOWS APPLICATIONS ARE BLACK WHEN RESUMED
29489057 PROBLEM WITH OPENSSL: CVE-2019-1559
29462865 ESC - SHARED USERS IN AN ARRAY CAN GET THE WRONG WORKSPACE CONTENT
29389483 OSS AUDIO COMPONENT DOES NOT COMPILE WITH LATEST OL7 KERNEL
29357231 PROBLEM WITH LIBCURL: CVE-2019-3822
29311598 NULLPOINTEREXCEPTION THROWN FROM 'CLIENT SETTINGS' APPLICATION

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

January 2019 PSU

The following table is intended as a high-level reference for  critical updates included within this patch. 
This table extends the named list of solutions delivered within preceding patch roll-ups.

Bugs fixed within SGD 54p3
29133366 GNOME SESSION ISSUES WHEN USING A REMOTE OL7.6 APPLICATION SERVER
29129857 ESC - AUTHENTICATION DOES NOT WORK WITH CHARACTERS LIKE Ä,Ö,Ü IN THE CERTIFICATE
Note: To use non-ASCII characters in certificates, both SGD server and Gateway must be patched to at least January 2019 PSU.
29041584 UPDATE SGD 5.4 TO USE LOG4J 2.11.1
29004355 RELAX CLIENT/SERVER COMPABILITY CHECKS
28986329 ESC - APPLICATION SERVER NAME IS NOT SHOWN IN LAUNCH DIALOG BOX
Note: This solution includes updates to the client.  Previously installed Windows clients must be updated.
28978676 ESC - CLIENT MODALITY SWITCHES FROM INSTALLED TO JNLP AFTER NETWORK GLITCH
28931550 ESC - TARANTELLA QUERY ERRLOG FAILS
28912863 ESC - HORIZONTAL SCROLL BAR MISSING FROM LEFT HAND FRAME OF WORKSPACE
28902719 ESC - APPLICATION BUTTON COLOR DOES NOT DISPLAY AS EXPECTED
28800935 PROBLEM WITH TOMCAT: CVE-2018-11784
28767351 LOGIN AFTER HTML 5 LOGOUT USES THE STANDARD METHOD INSTEAD HTML 5.
28767302 "EXCEPTION WAS THROWN" MESSAGE IS DISPLAYED ON THE WEBTOP WHEN RELOGIN AFTER SECURID LOGOUT
28656855 JSP CHANGES TO HANDLE SECURID APACHE MODULE LOGOUT
26737520 ESC - LOAD BALANCING IGNORES ENABLED SERVER
Note: This maintenance update included changes to the SGD Clients.  Users who connect with the "installed" client modality may need to upgrade any previously installed SGD Client software in order to take advantage of these updates. New users will automatically be directed to the latest available clients. 

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

October 2018 PSU

The following table is intended as a high-level reference for the critical updates included within this patch. 
This table extends the named list of solutions delivered in preceding patch roll-ups.

Bugs fixed within SGD 54p2
28696476 ESC - RSA AUTHENTICATION - USER SELECTABLE PIN ASSIGNMENTS ARE NOT SUPPORTED
28648271 ISSUE HANDLING HOSTNAME FOR OVM MANAGER
28648249 POTENTIAL DUPLICATION OF SEARCHIDS
28638369 SOME X11PERF TESTS (EG. MOVEWIN AND COPYWIN) ARE SHOWING POOR PERFORMANCE
28414833 ESC - SCREEN ARTIFACTS WHEN USERS CLICK QUICKLY THROUGH A SUBWINDOW
28257779 ESC - PASSWORD CACHE ENTRIES ARE NOT WORKING FOR MULTI-USER PROFILES
28188583 SOME SGD COMMANDS ARE VERY SLOW TO RUN IN AN SSSD ENVIRONMENT
28101247 ESC - SGD AUTHENTICATION VIA SECURID FAILS AFTER SOME TIME
27722316 LAUNCH ATTEMPTS SHOULD SKIP ANY SERVER WITH --USER-LOGIN DISABLED

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

July 2018 PSU

This PSU updated the following third party components:

Component SGD 5.4 5.4 + Jul 2018 PSU
OpenSSL 1.0.2n 1.0.2o
libCurl 7.58.0 7.60.0

The following table is intended as a high-level reference for the critical updates included in this patch. 

Bugs fixed within SGD 54p1
28126821 ESC - MEMORY USAGE INCREASES WHEN GNUPLOT USED
28069576 ESC - APPLICATION RESUME FAILURE IF USING DIFFERENT SGD HOST AND SECURID
28043954 ESC - SUPPORT WINDOWS SERVERS WITH CREDSSP UPDATE
28043731 PROBLEM WITH CURL: CVE-2018-1000300
28001217 UPDATE ENCRYPTION ALGORITHMS USED IN THE ROUTING TOKEN
To use the later algorithms, both SGD server and Gateway must be patched to at least July 2018 PSU.
27940831 PROBLEM WITH PROFILEEDIT.JSP
27903439 ESC - BROWSER HANGS UPON SUCCESSFUL AUTHENTICATION IN INTERNET EXPLORER
27860706 REDUCE CLIENT RELIANCE ON DNS RESOLUTION
27838161 PROBLEM WITH OPENSSL: CVE-2018-0739 CVE-2018-0733 CVE-2017-3738
27815391 WARNING MESSAGES SEEN IN PATCH LOG
27737936 ESC - SLOW SCROLLING IN X-APPLICATION
27722316 LAUNCH ATTEMPTS SHOULD SKIP ANY SERVER WITH --USER-LOGIN DISABLED
27714872 .SGD FILE GETS DOWNLOADED WHEN CONNECTING FROM A WINDOWS CLIENT
26940300 ER: REQUEST FOR SGD GATEWAY TO CHECK IF SGD SERVER IS WORKING CORRECTLY
26397027 FAILURE TO PASS VALUE TO --ALLOWUNSECURESSH WILL CAUSE NEW_XAPP TO FAIL SILENTLY
25466489 APPLICATION RESUME FAILS BETWEEN ARRAY MEMBERS WITH "ERRDOESNOTEXIST"
18696423 ER: 64 BIT MAC CLIENT PORT

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

 

Actions

Download the Appropriate Patch Set Update

Patch Names / Aliases
[29966315] Patchset 5  |  Jul 2019 Patch Set Update for SGD 5.4  |  SGD 54p5
 29608663 Patchset 4  |  Apr 2019 Patch Set Update for SGD 5.4  |  SGD 54p4
 29204564 Patchset 3  |  Jan 2019 Patch Set Update for SGD 5.4  |  SGD 54p3
 28643693 Patchset 2  |  Oct 2018 Patch Set Update for SGD 5.4  |  SGD 54p2
 28127874 Patchset 1  |  Jul 2018 Patch Set Update for SGD 5.4   |  SGD 54p1

These patch clusters are available to contracted customers as Oracle Patches.  These patches may be downloaded using the links above, or from the My Oracle Support (MOS) Portal directly, by connecting to https://support.oracle.com with an internet browser.

  1. Authenticate with the portal using existing MOS credentials.
  2. Select the Patches and Updates tab.
  3. In the Patch Search tab, search by "Number / Name."
  4. Update the value for Patch Name or Number is to the relevant Patch ID above.
  5. Click the Search button.
  6. Select the appropriate installation platform from the available options, and schedule a download.

 

Verification

Before attempting to install any update in a production environment, it must be extracted from the download archive, which will implicitly verify the structural integrity. 

To do so:

  1. Save the PSU downloaded from MOS to the /tmp directory on every host machine where Secure Global Desktop has been installed.
  2. Expand the zip archive, to prepare the PSU for installation.

    Example:
     

Contacts

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Details
 Patch Set Updates
 Quick Reference
 July 2019 PSU
 Third Party Updates
 Bug Fixes
 Notice regarding SGD Client Updates
 Notice regarding Enhancement Module Updates
 Previous Release Reference
 April 2019 PSU
 January 2019 PSU
 October 2018 PSU
 July 2018 PSU
Actions
 Download the Appropriate Patch Set Update
 Verification
 Installation
 Prerequisites
 Procedure
 Back-out
Contacts
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.