Patch Set Updates for Secure Global Desktop 5.4 (Doc ID 2423648.1)

Last updated on OCTOBER 16, 2018

Applies to:

Oracle Secure Global Desktop - Version 5.4 to 5.4 [Release 5.0]
Information in this document applies to any platform.

Details

Patch Set Updates

Patch Set Updates (PSUs) are clusters of recommended stability, security, and/or performance patches that have been certified for an existing maintenance release of SGD.   Patch Set Updates use the integrated Secure Global Desktop Patch Mechanism, and are available to customers with a valid Customer Support Identifier with named support for the Secure Global Desktop product.

PSUs may update many specific components of SGD.  After application, updated components may report a different SGD version, when compared to components which have not been updated.

Please Note: There are other patches available for SGD 5.4, including JVM and SGD Web Server updates.  For information on these, and more, please see the Secure Global Desktop Release Announcement Reference.  The SGD RAR always includes the latest information regarding SGD releases, and a matrix of all available patches for any supported version of the product.

Quick Reference

This is a high level index of the available Patch Set Updates for Secure Global Desktop 5.3.  Please see the relevant sections below for additional information regarding these patches.

Release Date | Patch ID | Prerequisites | Comments
Oct 2018 | [28643693] | SGD 5.4 | Important security and stability fixes for SGD 5.4. Additional Details
Jul 2018 | 28127874 | SGD 5.4 | Note: Superseded by the Oct 2018 Comprehensive CPU Reference Information

 

Oct 2018 PSU

The Oct 2018 PSU for Oracle Secure Global Desktop 5.4 (54p2) is a maintenance roll-up that includes important security and stability updates for SGD 5.4. This PSU may be applied directly to a fresh install, or over a previously patched system using the tarantella patch add command.

Note: Administrators are encouraged to test this update thoroughly prior to rolling into production, and to forward any questions to Oracle's Desktop Virtualization team.

This comprehensive PSU includes the following changes.

Bug Fixes

The following table is intended as a high-level reference for the critical updates included in this patch. 
This table extends the named list of solutions delivered in preceding patch roll-ups.

Bugs fixed within SGD 54p2
28696476 ESC - RSA AUTHENTICATION - USER SELECTABLE PIN ASSIGNMENTS ARE NOT SUPPORTED
28648271 ISSUE HANDLING HOSTNAME FOR OVM MANAGER
28648249 POTENTIAL DUPLICATION OF SEARCHIDS
28638369 SOME X11PERF TESTS (EG. MOVEWIN AND COPYWIN) ARE SHOWING POOR PERFORMANCE
28414833 ESC - SCREEN ARTIFACTS WHEN USERS CLICK QUICKLY THROUGH A SUBWINDOW
28257779 ESC - PASSWORD CACHE ENTRIES ARE NOT WORKING FOR MULTI-USER PROFILES
28188583 SOME SGD COMMANDS ARE VERY SLOW TO RUN IN AN SSSD ENVIRONMENT
28101247 ESC - SGD AUTHENTICATION VIA SECURID FAILS AFTER SOME TIME
27722316 LAUNCH ATTEMPTS SHOULD SKIP ANY SERVER WITH --USER-LOGIN DISABLED

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

Previous Release Reference

Patch Set Updates for Secure Global Desktop 5.4 are cumulative; each maintenance update includes the previously delivered fixes.  For easy reference, the fixes outlined below are attributed to their original delivery mechanism, but are comprehensively included within the latest release.

Jul 2018 PSU

This PSU updated the following third party components:

Component | SGD 5.4 | 5.4 + Jul 2018 PSU
OpenSSL | 1.0.2n | 1.0.2o
libCurl | 7.58.0 | 7.60.0

The following table is intended as a high-level reference for the critical updates included in this patch. 

Bugs fixed within SGD 54p1
28126821 ESC - MEMORY USAGE INCREASES WHEN GNUPLOT USED
28069576 ESC - APPLICATION RESUME FAILURE IF USING DIFFERENT SGD HOST AND SECURID
28043954 ESC - SUPPORT WINDOWS SERVERS WITH CREDSSP UPDATE
28043731 PROBLEM WITH CURL: CVE-2018-1000300
28001217 UPDATE ENCRYPTION ALGORITHMS USED IN THE ROUTING TOKEN
To use the later algorithms, both SGD server and Gateway must be patched to at least July 2018 PSU.
27940831 PROBLEM WITH PROFILEEDIT.JSP
27903439 ESC - BROWSER HANGS UPON SUCCESSFUL AUTHENTICATION IN INTERNET EXPLORER
27860706 REDUCE CLIENT RELIANCE ON DNS RESOLUTION
27838161 PROBLEM WITH OPENSSL: CVE-2018-0739 CVE-2018-0733 CVE-2017-3738
27815391 WARNING MESSAGES SEEN IN PATCH LOG
27737936 ESC - SLOW SCROLLING IN X-APPLICATION
27722316 LAUNCH ATTEMPTS SHOULD SKIP ANY SERVER WITH --USER-LOGIN DISABLED
27714872 .SGD FILE GETS DOWNLOADED WHEN CONNECTING FROM A WINDOWS CLIENT
26940300 ER: REQUEST FOR SGD GATEWAY TO CHECK IF SGD SERVER IS WORKING CORRECTLY
26397027 FAILURE TO PASS VALUE TO --ALLOWUNSECURESSH WILL CAUSE NEW_XAPP TO FAIL SILENTLY
25466489 APPLICATION RESUME FAILS BETWEEN ARRAY MEMBERS WITH "ERRDOESNOTEXIST"
18696423 ER: 64 BIT MAC CLIENT PORT

Additional details regarding the solutions included within this update may be found within the README that is attached to this document, and bundled directly with the update.

 

Actions

Download the Appropriate Patch Set Update

Patch Names / Aliases
[28643693] Patchset 2  |  Oct 2018 Patch Set Update for SGD 5.4  |  SGD 54p2
 28127874 Patchset 1  |  Jul 2018 Patch Set Update for SGD 5.4  |  SGD 54p1

These patch clusters are available to contracted customers as Oracle Patches.  These patches may be downloaded using the links above, or from the My Oracle Support (MOS) Portal directly, by connecting to https://support.oracle.com with an internet browser.

  1. Authenticate with the portal using existing MOS credentials.
  2. Select the Patches and Updates tab.
  3. In the Patch Search tab, search by "Number / Name."
  4. Update the value for Patch Name or Number to the relevant Patch ID above.
  5. Click the Search button.
  6. Select the appropriate installation platform from the available options, and schedule a download.

 

Verification

Before attempting to install any update in a production environment, it must be extracted from the download archive, which implicitly verifies the archive's structural integrity.

To do so:

  1. Save the PSU downloaded from MOS to the /tmp directory on every host machine where Secure Global Desktop has been installed.
  2. Expand the zip archive, to prepare the PSU for installation.

    Example:
    # cd /tmp
    # unzip p28643693_spso.zip
    Archive: p28643693_spso.zip
      inflating: readme.html             
      inflating: bundle_Patch_54p2_spso.tar.gz 

 

Installation

After the PSU has been verified, the SGD Administrator may apply it to the Secure Global Desktop deployment.

Prerequisites

  1. The instructions outlined below must be performed by the Administrator, within a terminal window on the host where SGD has been installed.
  2. The instructions outlined below make use of SGD's command line interface, via the tarantella command.  The command path for this utility is determined by the installation directory of the product, by default: /opt/tarantella/bin/tarantella.

Procedure

Patch Notes:
  1. SGD Maintenance updates are not replicated between nodes: these steps must be completed on each SGD server within an array, independently.
  2. SGD Maintenance updates may only be installed after SGD Services have been completely stopped.
    As such, Oracle strongly recommends that this action be taken during a planned maintenance window.
  3. SGD Administrators are advised to review the README bundled with every patch to ensure there are no patch-specific installation requirements.

  1. Stop SGD Services on the node.
    # tarantella stop
     
  2. Run the 'tarantella patch add' command, naming the new patch.
    In this demonstration example, we'll use the PSU bundle expanded above, named: 'bundle_Patch_54p2_spso.tar.gz' 
    If needed, please update the following command with the appropriate path / file name.
    # tarantella patch add --file /tmp/bundle_Patch_54p2_spso.tar.gz

    [ ... ]

    Installation complete.
    Performing post install configuration...
     
  3. Verify the successful installation of the new patch.
    # tarantella patch list --active

    [...]

    Name : Patch_54p2
    Installation date : Tuesday, Oct 16  11:24:36 AM PDT 2018
    Status : active
     
  4. Resume SGD Services on the node.
    # tarantella start


 

Back-out

If the application of a PSU introduces undesired behavior, it may be backed out at any time, restoring the previous functionality.

Note: The prerequisites and patch-specific notes outlined within the install guidance above are also applicable to the following instructions.

  1. Stop SGD Services on the node.
    # tarantella stop
     
  2. Run the 'tarantella patch remove' command, naming the patch to be removed.
    In this demonstration example, we'll use the PSU bundle installed above, named: 'Patch_54p2' 
    If needed, please update the command with the appropriate path / file name.
    # tarantella patch remove --name Patch_54p2
     
  3. Verify successful removal of the desired patch(es).
    Note: PSUs are installed as patch bundles, and may include several independent patches, such as WebServer or JVM Updates.  Once a bundle has been installed, each of the included patches must be removed independently.  The list of installed patches can be verified using the following command:
    # tarantella patch list
      
  4. Restart SGD Services on the node.
    # tarantella start
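
Because patches are not replicated between array members, the two verification steps above (patch active after install, patch gone after back-out) are worth scripting per node. The following is an added example, not Oracle's code: it assumes the patch list reports each patch as "Name : ..." and "Status : ..." lines as in the install excerpt above, and the sample output, the name Example_Other_Patch and the status "inactive" are constructed.

```shell
#!/bin/sh
# Added example (not Oracle code). Assumes patch-list output uses
# "Name : <patch>" / "Status : <state>" lines, as in the excerpt above.

# patch_status NAME: read patch-list output on stdin and print the status
# recorded for NAME, or "absent" when NAME is not listed.
patch_status() {
    awk -v want="$1" '
        {   # split "Key : value" at the first colon, trim both sides
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        }
        key == "Name" { current = val }
        key == "Status" && current == want { found = val }
        END { print (found == "" ? "absent" : found) }'
}

# verify_node MODE NAME: MODE "installed" requires Status active; MODE
# "removed" requires the patch to be absent. Non-zero exit on mismatch.
verify_node() {
    state=$(patch_status "$2")
    case "$1:$state" in
        installed:active|removed:absent) echo "OK $2 $state" ;;
        *) echo "FAIL $2 is $state, expected $1" >&2; return 1 ;;
    esac
}

# Constructed sample; on a node the input would be piped from the command:
#   tarantella patch list --active | verify_node installed Patch_54p2
#   tarantella patch list          | verify_node removed   Patch_54p2
SAMPLE_LIST='    Name : Example_Other_Patch
    Installation date : (constructed)
    Status : inactive

    Name : Patch_54p2
    Installation date : Tuesday, Oct 16  11:24:36 AM PDT 2018
    Status : active'

printf '%s\n' "$SAMPLE_LIST" | verify_node installed Patch_54p2
```
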
     
