GroupWise 6.5.6 Update 2 Full Win/nlm 656up2

This document (5004632) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Security patch: Yes

Priority: Mandatory

Distribution Type: Public

http://download.novell.com/Download?buildid=v-om5o4ow9w~

document

Revision: 12

Document ID: 5004632

Creation Date: 2007-05-30 09:27:09

Modified Date: 2008-05-13 13:13:56

abstract

GroupWise 6,5 Support Pack 6, Update 2 May 29th, 2007 Overview The information in this Readme file pertains Update 2. This Support Pack contains updates for all components contained in the GroupWise 6.5 product. However, this Support Pack does not contain updates for GroupWise Messenger. GroupWise Messenger 1.0 Support Pack 6 is a separate download. GroupWise 6.5 Support Pack 6, Update 2 includes the NetWare, Linux, and Windows GroupWise6.5 software. The NetWare and Windows software is provided in one set of downloads; the Linux software, including the Cross-Platform client for Linux and Macintosh, is provided in a separate set of downloads.

details

1. Download gw656up2us.exe or gw656up2multi.exe to a temporary location
2. Doubleclick the self extracting executable to extract the files
3. If desired, rename the current client directory in the SDD and copy this new one in.
4. Run setup.exe to run the install.

security fixes

Vulnerability Explanation:
A security vulnerability in the GroupWise system that allows a malicious user to intercept authentication credentials through a 'man in the middle' mechanism. All of the following OS's are affected: Server: NetWare, Linux, Windows Client: Windows, Linux, Macintosh.
Reported as CVE-2007-2513. This vulnerability was discovered by Andreas Schmidt, cirosec GmbH (http://www.cirosec.de).

Customers running GroupWise 6.5.x should immediately upgrade all GroupWise Clients and all GroupWise Agents, MTA, POA, GWIA & Webaccess to GroupWise 6.5 Post SP6 dated May 22nd, 2007 or newer. Additionally, lock out all GroupWise Clients older than May 22nd, 2007 via ConsoleOne.

change log

Issues fixed since GroupWise 6.5 SP6.
------------------------------------

139247 - ItemGetText doesn't get BC field
138268 - Address selector lockup
137256 - Address selector lockup
141775 - ItemSaveInfo token results in error
135735 - ItemSetText token doesn't work on BCC resend
142462 - Save outgoing POP password
133627 - URL in msg won't open browser
138596 - Lotus Notes certificate not recognized
144440 - Infinite loop in object API
144442 - System address book infinite loop
140517 - Retain charset when changing view
145235 - Add property to determine POA status
123342 - Quickinfo shows wrong user
142565 - TNEF not displayed correctly
128809 - First cert not default
147699 - Can't view doc ref in a normal folder
122846 - Address book crash
142536 - Rule won't execute with user defined fields
152882 - Double conversion of ISO-2022-JP
158416 - Address book crash
152615 - Chinese Win98 replies
159159 - Print preview crash
136793 - Crash in Find dialog
164876 - Slow doc opens
166110 - Crash/ with long URLs
172053 - Sent items with wrong encoding
174120 - Proper purge of items from trash in archive
178811 - Doc ref not copied correctly in draft
137440 - Foreign chars not displaying correctly
141351 - Memory leak
123649 - GWCheck to fix folders with /,\ or :
130782 - GWCheck fix for old access records
142673 - Webacc high util
133925 - Don't handle AppleDouble as text
141895 - POA error preventing archive
142890 - Prevent unneccessary licensed connections.
134766 - Truncation in unicode string
145669 - WVCORE abend
122698 - POA screen text fit
145531 - Msgs addressed badly
149731 - Abend in GWIA
150540 - GWCheck creating invalid dirs
151525 - xplat print preview fix
154221 - GWIA abend with mixed subject line
148673 - GWIA would put UPD with PO alias
140407 - GWCheck fixes invalid security records
158629 - Abend in GWIA with long rejection msg
159507 - Files stay in gwwork
153758 - Montior shows queued message count correctly
159840 - AA02 on GWIA
142393 - Abend processing rare msgs
163188 - MTA abend
163153 - 5.5 migration not migrating all attributes
163211 - TSAFSGW fix for GWENN4
169496 - Storelowercase fix
175496 - MTA Abend

Issues fixed since GroupWise 6.5 SP6 UP1
------------------------------------
177804 - No default address book is in the registry, use the SAB as the default book.
178811 - Doc Ref not copied correctly when draft message is sent
178941 - User contents check was incorrectly deleting the user's subscriber and subscribe_to records. This would break notify.
171278 - Address book searches not working in OAPI
Updated html export files to version 8.1
183165 - Moving an appointment after a user has been moved
164279 - Monthly Calendar crashes
188353 - Found charset in mime if it was not found in the html
187615 - Took out rejecting from addresses that start with '@'.
187438 - Truncating filenames longer than 128 characters. Now allow up to 255 characters.
191006 - Save files in RTF format instead of WP5 so Asian languages can view all messages properly
187747 - Fixed proxy problem not showing recipients
191416 - cross-site scripting flaw
191417 - cross-site script vulnerability
191024 - Added code to lock out old clients. To force an update in order to login.
191999 - JP fix when not mime and no charset defined.
193617 - Problem with the Weekday scheduled events. They were being rescheduled incorrectly.
193390 - Added code so that imap clients can login.
193152 - Added so that Auth can login.
193039 - If RCPT TO is blank then don't try to do DSN.
186740 - fixed attaching files
196243 - buffer overrun during loging
200381 - TSAFSGW was not correctly displaying subdirectory contents
200393 - TSAFSGW was returning an error to BackupExec when it attempted to read ERROR LOG
200389 - Added code to ConnectToTargetService code to handle the incorrect parameter being passed by BackupExpress
190746 - fixed attachment window disappearing when resizing
200099 - C3PO error when opening embedded message
207784 - Modified the a create dates operation.
200372 - UNC was not being used to connect to GW Domain in C1 snapins
206924 - Check keyword for NULL before using
195101 - fixed font size viewing problem
212268 - add quotes around filenames for Mozilla browsers (Firefox)
212975 - DayLight Savings Time changes
213511 - fixed Korean HTML replies
214152 - Added logging to trace problem with messages read by wrong user
215106 - ABEND in replicating PAB
214152 - Added new interface to help with tracking
210089 - Fixed groups of external users so they would send correctly
204137 - Corrupt messages being left in the gwinprog directory.
218442 - cannot proxy to user with WebAccess
219109 - AddressBook find doesn't work with email addresses
219069 - Fixed abend in memcpy caused by bad size
217330 - Fixed endless loop in FC
202378 - To: field displays dist list wrong in sent items
195101 - Fixed font size printing
201132 - Fixed printing header for extended and double-byte characters
220186 - Check if subject is blank
205986 - MTA ABEND
222345 - Ported code to display euro character with ISO-8859-15 charset
224627 - WebAccess User unable to re-authenticate after timeout
224524 - Fixed unicode encoding on send
222976 - fixed calendar hang
226969 - Performance Hit: Calling Object API Messages::Move with Message ID string takes minutes
241565 - GW "hit the road" fails with post GW657 code
245002 - ABEND fix
243909 - Token did not return the correct Message ID
237972 - Properly address the transfer failed notification
152964 - Fixed viewing message that have extra long RTF header
249087 - To: field missing from Exchange to GroupWise via 4.1 API gateway
252653 - Fixed User.id field in login page
206489 - Link Configuration was not being displayed correctly
245002 - new fix to prevent WA ABEND & not ABEND Client
251814 - Fix for endless loop with FlatForwarding.
238823 - Crash when sending message
244114 - Gwcheck was only displaying the first 14 characters of the user id
258069 - security issue
258457 - Sending an HTML message adds Resource information to top of message
261457 - HTML text in body of Internet message using ISO Default or Windows Default encoding is blank
244114 - Fixed one more string for the GWCheck Audit report
238444 - Fixed user not found in displaying properties
256066 - Wrong engine causes D107 error
265418 - Fixed for all languages to add the charset to HTML message
271681 - Fix links to spawn a browser for plain text messages
272923 - BES hang fixes
256066 - Fixed D107 errors when proxy
238823 - Fixed crash when sending Japanese HTML messages
267246 - MITM-Attack Possible with C/S Client to POA even with SSL enabled.

file contents

Files Included	Size	Date
gw656up2multi.exe	502.6 MB (527084105)	2007-05-29 12:34:41
gw656up2us.exe	311.1 MB (326241031)	2007-05-29 12:35:15
readme_5004632.html	N/A	2008-05-13 13:13:57

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.