Novell Info: GroupWise Security Alert

Hot Patches were released today for 7.0.3 and 8.0.0. They are 7.0.3 HP3 and 8.0.0 HP2. Included in these hot patches are code changes to address security related problems.

Download Here

Four of the issues are with WebAccess and two of the issues are with GWIA (GroupWise Internet Agent)

For your reference the TIDs are:


On May 29, VUPEN Security S.A. plans to release notice of security vulnerabilities in GWIA. In anticipation of these notices, Novell communicated Hot Patch availability for both GroupWise 7 and GroupWise 8 via NGWList, NOVTTP, PSE-DSE lists, blog entries, FaceBook Pages and Twitter.

We also sent communications to every PSE/DSE yesterday explaining the details associated with each of these security issues. NTS, Marketing, Technical Sales specialists and Product Management have all been notified and are available to assist and answer questions.

These WebAccess security issues are very much like issues that were reported and resolved with the last set of hot patches. The GWIA issues have to do with buffer overflows.

Novell and GroupWise take every security report very seriously. We want our community to be well informed and well protected. GroupWise is very reliable and we know that our customers expect it to be the very best.

We do not disclose the exact details of any security defect so that ample time is provided to administrators to update their systems without malicious individuals having all of the knowledge to exploit any affected areas. Even after a patch is provided and sufficient time has been given to update, not every administrator will be able to act immediately and some may decide not to act at all and simply follow their own update/deployment schedules.

We do stress - All security issues should be taken seriously and patches applied.

Please follow ‘upgrading’ best practices guidelines when applying this patch. The affected components are GWIA and the WebAccess application.

GroupWise 6.x customers will need to upgrade to GroupWise 8 and apply the hot patches to resolve these security related reports.

In addition, the 7.0.3 HP3 code has a total of 64 defect fixes in this release. The GroupWise 8.0.0 HP2 includes 101 defect fixes. Please refer to the corresponding readme for further details on these code changes.

One more thing…an updated IDM driver for GroupWise 8 was also posted this week:
GroupWise 8 IDM Driver



How To-Best Practice
Comment List
Parents Comment Children