More on the Solaris ssh stuff (part 3)
I brought another Solaris machine up to the current patchlevels today, which let me see what the current state of affairs is. The best answer is that it's confusing and not fixed yet.
- patch 112908-24 and 112908-25, the apparently bad versions of the 'krb5 shared obj' patch, have been very thoroughly removed.
- 112908-23 remains available on the patches.sun.com website, but it
is not mentioned in
patchdiag.xref. In fact, according to
patchdiag.xrefthere is no currently valid version of 112908 (and -24 and -25 are not explicitly in there marked as bad and withdrawn, either; instead they've just been Stalinized).
- 113273-11 (sshd) and 114356-08 (ssh) remain in
patchdiag.xrefas the only live versions. They are recommended patches, and 113273-11 is marked as a security patch as well.
- However, both 113273-11 and 114356-08 specifically require 112908-24, the unavailable krb5 patch; they will fail to install on a system with 112908-23.
Thus, Sun has quietly removed 112908-24 and 112908-25 as buggy but failed to withdraw or fix patches that depend on it. The result is that you cannot install a recommended Sun security patch, and of course the situation is not fixed in the least. (The only true fix for the situation is for Sun to release new, non-buggy versions of the patches. For some reason they haven't yet gotten around to this.)
The best workaround for now is to manually install the last good versions of the bad patches; you want 113273-10 and 114356-06. Pca will handily do this for you.
How not to get our business
From email sent to the University of Toronto's InterNIC WHOIS contact email address recently, from one email@example.com:
Our site monitoring software has alerted us that someone from your organization was doing a search on Google.ca for "Toronto collocation" and you visited our site, [deleted].
I was just wondering if your search was successful and if we can help you with your current or future hosting or collocation needs?
Director, Strategic Alliances
The Capris Group
Yes, certainly, the best way to persuade people at the University of Toronto to do business with you is to spam them. And it definitely looks clueful to ask the InterNIC WHOIS contact for an organization with, oh, 60,000 people or so using its network if some random search was successful. And finally there is the chutzpah of offering hosting and colocation services to one of Canada's largest universities.
(I am assuming, generously, that there was a real search. I am an optimist. Also, I'm sure that this is more or less automated spam, so that no thinking human being ever looked at who it was being sent to. Which is yet another way to impress us with your attention to detail, or lack thereof.)
Unfortunately they have their own ASN and /22 (126.96.36.199/22, AS 33162, which is also where the email came from), so I suspect that my request to their upstream route to do something about this is going to be ignored. (But then, this is nothing new.)