My Oracle Support Banner

Patch Set Updates for Secure Global Desktop 5.4 (Doc ID 2423648.1)

Last updated on APRIL 16, 2019

Applies to:

Oracle Secure Global Desktop - Version 5.4 to 5.4 [Release 5.0]
Information in this document applies to any platform.

Details

Patch Set Updates

Patch Set Updates (PSUs) are clusters of recommended stability, security, and/or performance patches that have been certified for an existing maintenance release of SGD.   Patch Set Updates use the integrated Secure Global Desktop Patch Mechanism, and are available to customers with a valid Customer Support Identifier with named support for the Secure Global Desktop product.

PSUs may update many specific components of SGD.  After application, updated components may report a different SGD version, when compared to components which have not been updated.

Please Note: There are other patches available for SGD 5.4, including JVM and SGD Web Server updates.  For information on these, and more, please see the Secure Global Desktop Release Announcement Reference.  The SGD RAR always includes the latest information regarding SGD releases, and a matrix of all available patches for any supported version of the product.

Quick Reference

This is a high level index of the available Patch Set Updates for Secure Global Desktop 5.4.  Please see the relevant sections below for additional information regarding these patches.

Release DatePatch IDPrerequisitesComments
Apr 2019 [29608663] SGD 5.4 Important security and stability fixes for SGD 5.4.
Additional Details
Jan 2019  29204564 SGD 5.4 Superseded by the Apr 2019 CPU
Reference Information
Oct 2018  28643693 SGD 5.4 Introduced 64Bit client for MacOS, new health check functionality for SGD via ticker.jsp. Superseded by the Jan 2019 CPU
Reference Information
Jul 2018  28127874 SGD 5.4 Superseded by the Oct 2018 CPU
Reference Information

 

Apr 2019 PSU

The Apr 2019 PSU for Oracle Secure Global Desktop 5.4 (54p4) is a maintenance roll-up that includes important security and stability updates for SGD 5.4. This PSU may be applied directly to a fresh install, or over a previously patched system using the tarantella patch add command.

Administrators are encouraged to test this update thoroughly prior to rolling into production, and to forward any questions to Oracle's Desktop Virtualization team.

This comprehensive PSU includes the following changes:

Third Party Updates

This PSU updated the following third party components:

ComponentSGD 5.45.4 + Apr 2019 PSU
OpenSSL 1.0.2n 1.0.2r
libCurl 7.58.0 7.64.0
Bug Fixes

The following table is intended as a high-level reference for critical updates included within this patch.   
This table extends the named list of solutions delivered within preceding patch roll-ups.

Bugs fixed within SGD 54p4
29514051 X-SERVER CRASHES
29502442 WINDOWS APPLICATIONS ARE BLACK WHEN RESUMED
29489057 PROBLEM WITH OPENSSL: CVE-2019-1559
29462865 ESC - SHARED USERS IN AN ARRAY CAN GET THE WRONG WORKSPACE CONTENT
29389483 OSS AUDIO COMPONENT DOES NOT COMPILE WITH LATEST OL7 KERNEL
29357231 PROBLEM WITH LIBCURL: CVE-2019-3822
29311598 NULLPOINTEREXCEPTION THROWN FROM 'CLIENT SETTINGS' APPLICATION
Note: For Administrators skipping the previous patch release, and going straight to PSU 4.

The previous maintenance update included changes to the SGD Clients, also included here.  Users who connect with the "installed" client modality may need to upgrade any previously installed SGD Client software in order to take advantage of these updates. New users will automatically be directed to the latest available clients. 

Additional details may be found in the following articles:

>  (Doc ID 2380456.1) - Using the Client Options Menu to Select Client Types in Secure Global Desktop 5.4
>  (Doc ID 2399198.1) - SGD 5.4 Client Support Policy

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

Previous Release Reference

Patch Set Updates for Secure Global Desktop 5.4 are cumulative; each maintenance update includes the previously delivered fixes.  For easy reference, the fixes outlined below are attributed to their original delivery mechanism, but are comprehensively included within the latest release.

Jan 2019 PSU

The following table is intended as a high-level reference for  critical updates included within this patch. 
This table extends the named list of solutions delivered within preceding patch roll-ups.

Bugs fixed within SGD 54p3
29133366 GNOME SESSION ISSUES WHEN USING A REMOTE OL7.6 APPLICATION SERVER
29129857 ESC - AUTHENTICATION DOES NOT WORK WITH CHARACTERS LIKE Ä,Ö,Ü IN THE CERTIFICATE
Note: To use non-ASCII characters in certificates, both SGD server and Gateway must be patched to at least January 2019 PSU.
29041584 UPDATE SGD 5.4 TO USE LOG4J 2.11.1
29004355 RELAX CLIENT/SERVER COMPABILITY CHECKS
28986329 ESC - APPLICATION SERVER NAME IS NOT SHOWN IN LAUNCH DIALOG BOX
Note: This solution includes updates to the client.  Previously installed Windows clients must be updated.
28978676 ESC - CLIENT MODALITY SWITCHES FROM INSTALLED TO JNLP AFTER NETWORK GLITCH
28931550 ESC - TARANTELLA QUERY ERRLOG FAILS
28912863 ESC - HORIZONTAL SCROLL BAR MISSING FROM LEFT HAND FRAME OF WORKSPACE
28902719 ESC - APPLICATION BUTTON COLOR DOES NOT DISPLAY AS EXPECTED
28800935 PROBLEM WITH TOMCAT: CVE-2018-11784
28767351 LOGIN AFTER HTML 5 LOGOUT USES THE STANDARD METHOD INSTEAD HTML 5.
28767302 "EXCEPTION WAS THROWN" MESSAGE IS DISPLAYED ON THE WEBTOP WHEN RELOGIN AFTER SECURID LOGOUT
28656855 JSP CHANGES TO HANDLE SECURID APACHE MODULE LOGOUT
26737520 ESC - LOAD BALANCING IGNORES ENABLED SERVER
Note: This maintenance update included changes to the SGD Clients.  Users who connect with the "installed" client modality may need to upgrade any previously installed SGD Client software in order to take advantage of these updates. New users will automatically be directed to the latest available clients. 

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

Oct 2018 PSU

The following table is intended as a high-level reference for the critical updates included within this patch. 
This table extends the named list of solutions delivered in preceding patch roll-ups.

Bugs fixed within SGD 54p2
28696476 ESC - RSA AUTHENTICATION - USER SELECTABLE PIN ASSIGNMENTS ARE NOT SUPPORTED
28648271 ISSUE HANDLING HOSTNAME FOR OVM MANAGER
28648249 POTENTIAL DUPLICATION OF SEARCHIDS
28638369 SOME X11PERF TESTS (EG. MOVEWIN AND COPYWIN) ARE SHOWING POOR PERFORMANCE
28414833 ESC - SCREEN ARTIFACTS WHEN USERS CLICK QUICKLY THROUGH A SUBWINDOW
28257779 ESC - PASSWORD CACHE ENTRIES ARE NOT WORKING FOR MULTI-USER PROFILES
28188583 SOME SGD COMMANDS ARE VERY SLOW TO RUN IN AN SSSD ENVIRONMENT
28101247 ESC - SGD AUTHENTICATION VIA SECURID FAILS AFTER SOME TIME
27722316 LAUNCH ATTEMPTS SHOULD SKIP ANY SERVER WITH --USER-LOGIN DISABLED

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

Jul 2018 PSU

This PSU updated the following third party components:

ComponentSGD 5.45.4 + Jul 2018 PSU
OpenSSL 1.0.2n 1.0.2o
libCurl 7.58.0 7.60.0

The following table is intended as a high-level reference for the critical updates included in this patch. 

Bugs fixed within SGD 54p1
28126821 ESC - MEMORY USAGE INCREASES WHEN GNUPLOT USED
28069576 ESC - APPLICATION RESUME FAILURE IF USING DIFFERENT SGD HOST AND SECURID
28043954 ESC - SUPPORT WINDOWS SERVERS WITH CREDSSP UPDATE
28043731 PROBLEM WITH CURL: CVE-2018-1000300
28001217 UPDATE ENCRYPTION ALGORITHMS USED IN THE ROUTING TOKEN
To use the later algorithms, both SGD server and Gateway must be patched to at least July 2018 PSU.
27940831 PROBLEM WITH PROFILEEDIT.JSP
27903439 ESC - BROWSER HANGS UPON SUCCESSFUL AUTHENTICATION IN INTERNET EXPLORER
27860706 REDUCE CLIENT RELIANCE ON DNS RESOLUTION
27838161 PROBLEM WITH OPENSSL: CVE-2018-0739 CVE-2018-0733 CVE-2017-3738
27815391 WARNING MESSAGES SEEN IN PATCH LOG
27737936 ESC - SLOW SCROLLING IN X-APPLICATION
27722316 LAUNCH ATTEMPTS SHOULD SKIP ANY SERVER WITH --USER-LOGIN DISABLED
27714872 .SGD FILE GETS DOWNLOADED WHEN CONNECTING FROM A WINDOWS CLIENT
26940300 ER: REQUEST FOR SGD GATEWAY TO CHECK IF SGD SERVER IS WORKING CORRECTLY
26397027 FAILURE TO PASS VALUE TO --ALLOWUNSECURESSH WILL CAUSE NEW_XAPP TO FAIL SILENTLY
25466489 APPLICATION RESUME FAILS BETWEEN ARRAY MEMBERS WITH "ERRDOESNOTEXIST"
18696423 ER: 64 BIT MAC CLIENT PORT

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

 

Actions

Download the Appropriate Patch Set Update

PatchNames / Aliases
[29608663] Patchset 4  |  Apr 2019 Patch Set Update for SGD 5.4  |  SGD 54p4
 29204564 Patchset 3  |  Jan 2019 Patch Set Update for SGD 5.4  |  SGD 54p3
 28643693 Patchset 2  |  Oct 2018 Patch Set Update for SGD 5.4  |  SGD 54p2
 28127874 Patchset 1  |  Jul 2018 Patch Set Update for SGD 5.4   |  SGD 54p1

These patch clusters are available to contracted customers as Oracle Patches.  These patches may be downloaded using the links above, or from the My Oracle Support (MOS) Portal directly, by connecting to https://support.oracle.com with an internet browser.

  1. Authenticate with the portal using existing MOS credentials.
  2. Select the Patches and Updates tab.
  3. In the Patch Search tab, search by "Number / Name."
  4. Update the value for Patch Name or Number is to the relevant Patch ID above.
  5. Click the Search button.
  6. Select the appropriate installation platform from the available options, and schedule a download.

 

Verification

Before attempting to install any update in a production environment, it must be extracted from the download archive, which will implicitly verify the structural integrity. 

To do so:

  1. Save the PSU downloaded from MOS to the /tmp directory on every host machine where Secure Global Desktop has been installed.
  2. Expand the zip archive, to prepare the PSU for installation.

    Example:
     

Contacts

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Details
 Patch Set Updates
 Quick Reference
 Apr 2019 PSU
 Third Party Updates
 Bug Fixes
 Previous Release Reference
 Jan 2019 PSU
 Oct 2018 PSU
 Jul 2018 PSU
Actions
 Download the Appropriate Patch Set Update
 Verification
 Installation
 Prerequisites
 Procedure
 Back-out
Contacts
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.