GroupWise 6.5.6 Update 3 Windows client 656up3
This document (5009060) is provided subject to the disclaimer at the end of this document.
patches this patch supersedes
| File | Product | Status | Patch |
|---|---|---|---|
| gw656up2multi.zip | GroupWise 6.5 SP6 | Obsolete | GroupWise 6.5.6 Update 2 Windows client 656up2 |
| fgw656wcup2.zip | GroupWise 6.5 SP6 | Obsolete | URL fix for the GroupWise 6.5.6 Update 2 Windows Client |
patches that supersede this patch
patch attributes
document
abstract
GroupWise 6,5 Support Pack 6, Update 3 March 14th, 2008 Overview The information in this Readme file pertains Update 3. This Support Pack contains updates for the GroupWise 6.5.6 client. However, this Support Pack does not contain updates for GroupWise Messenger. GroupWise Messenger 1.0 Support Pack 6 is a separate download. GroupWise 6.5 Support Pack 6, Update 3 includes the Windows GroupWise6.5 client software.
details
Installation Instructions:
1. Download file to a temporary location.
2. Doubleclick the self extracting executable to extract the files.
3. If desired, rename the current client directory in the SDD and copy this new one in.
4. Run setup.exe to run the install.
Warning: do not install this client until the POA has been updated to GW 6.5 Support Pack 6 Update 2 or newer or you will not be able to login to your post office.
security fixes
Description:
A security vulnerability exists in the GroupWise Windows client API that can allow programmatic access to non-authorized email under certain conditions. The attacker must first authenticate to GroupWise and be a recipient of a shared folder from another user. The attacker could then exploit the vulnerability to gain unauthorized access to non-shared email in the mailbox of the sharer.
Cause: An unspecified error in the Windows client API
CVE-2008-1330
Workaround:
Users that have shared folders with other users can protect their email by removing shared access until remedial steps have been completed. It is not necessary to delete the contents of the shared folders and they can be re-shared after the administrator has locked out older client versions.
To remove shared access to a folder select the shared folder, click File > Sharing, then select Not shared.
Remedy:
For GroupWise 7 - Customers running GroupWise 7.0 clients should immediately upgrade all clients to GroupWise 7 SP3 (dated 09 Mar 2008) and lock out older clients via ConsoleOne.
GroupWise 6.5 Windows - Customers running GroupWise 6.5 Windows clients should immediately upgrade all Windows clients to the GroupWise 6.5 SP6 client Update 3 (dated 11 Mar 2008), or upgrade to GroupWise 7 SP3. Older clients must be locked out via ConsoleOne.
GroupWise 6.5 Linux - Customers running GroupWise 6.5 Linux or Mac clients should immediately upgrade to GroupWise 7 SP3 (dated 09 Mar 2008).
For GroupWise 6.0 and previous - Customers still running unsupported GroupWise client versions (5.x and 6) should immediately upgrade clients and servers to either GroupWise 6.5 SP6 Update 3 or to GroupWise 7 SP3. Older clients must be locked out via ConsoleOne.
If Blackberry Enterprise Server (BES) is installed in a GroupWise 7 environment then upgrade the BES to a version which supports the GroupWise 7 client (BES 4.0 SP 7 or BES 4.1 SP4), and upgrade the GW client installed on the machine to 7.0 SP3 (dated 09 Mar 2008).
If Blackberry Enterprise Server (BES) is installed in a GroupWise 6.5 environment then upgrade the GW client installed on the machine to 6.5 SP6 Client Update 3 (dated 11 Mar 2008).
Special Instructions and Notes:
For instructions on locking out older client versions please refer to GroupWise documentation for your GroupWise version:
GroupWise 7: http://www.novell.com/documentation/gw7/gw7_admin/index.html?page=/documentation/gw7/gw7_admin/data/adqaf1n.html
GroupWise 6.5: http://www.novell.com/documentation/gw65/index.html?page=/documentation/gw65/gw65_admin/data/adqaf1n.html
If running a mixed environment of 6.5 and 7.0 clients then make sure to lock out based on client release date rather than client version. The recommended date should be 08 Mar 2008 in order to ensure the system is not vulnerable.
change log
Fixes since GW 656 Windows Client Update 2
203022 - Unnecessary errors from sms logs ported over to Backup Exec logs
272923 - BES Hang
274157 - Shared addressbook lost members in group
281492 - clicking on URL's does not work
290862 - Save draft with large attachments fails if you save draft twice
307507 - Plug-in Studio: Allow MVSelect entries to depend on other fields
308390 - WebAccess cross-site scripting vulnerability using the @import directive
328395 - Editing a recurring Posted Appointment crashes GW
339864 - Folder.Shared is broken
file contents
| Files Included | Size | Date |
|---|---|---|
| gw656u3_client_win_us.exe | 47.1 MB (49444753) | 2008-03-13 09:42:41 |
| gw656u3_client_win_multi.exe | 110.4 MB (115777026) | 2008-03-13 09:41:56 |
| readme_5009060.html | N/A | 2008-03-25 12:55:42 |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.
© 2007 Novell, Inc. All Rights Reserved.