Novell

This is Your Open EnterpriseTM

GroupWise Messenger 2.0.3 Hot Patch 1 Client for Windows - US and Multi

This document (5026700) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

FileProductStatusPatch
gwm203cm.exeGroupWise Messenger 2.0.3ObsoleteGroupWise Messenger 2.0.3 Win Client English and Multi

patches that supersede this patch

This patch is not superseded by any other patches.

Warning: The patch associated with this readme is obsolete; it is no longer available for download.

Continue

patch attributes

Architecture: x86
Security patch: Yes
Priority: Mandatory
Distribution Type: Public
http://download.novell.com/Download?buildid=HHSfPO91pLQ~

document

Revision: 3
Document ID: 5026700
Creation Date: 2008-06-05 14:24:32
Modified Date: 2008-06-10 13:14:43

abstract

GroupWise Messenger 2.0.3 HP1 Client for Windows is a security release of the GroupWise Messenger 2.0 client. Please see the information in the CVE section for details on the security vulnerability this addresses.

details

The downloadable files are compressed in self-extracting executables. When executed, the end-user will be prompted for a location to extract the files. The "docs" and "win32' directories will be placed below the specified location.

For information on setting up the auto-update process for end-users to download the client, please go to the following documentation URL:

http://www.novell.com/documentation/nm2/nm2_admin/data/akpd5ak.html

security fixes

A vulnerability exists in the Novell GroupWise Messenger Client (GWIM) for Windows that could allow an attacker to execute arbitrary code on a compromised workstation. The vulnerability takes the form of a remote buffer overflow in the client, caused by spoofed server responses to valid client requests. All versions of the Windows client, prior to the patch for this issue, are vulnerable.

Thanks to Franciso Amato of Infobyte Security Research, for discovering and reporting these issues.

CVE-2008-2703 & CVE-2008-2704

change log

357103 - Remote Stack Overflow Vulnerability permits code execution #1
357106 - Remote Stack Overflow Vulnerability permits code execution #2
392153 - Client crashes with long user ID

file contents

Files IncludedSizeDate
gwm203_client_win_multi.exe8.9 MB (9418608)2008-06-03 15:14:33
gwm203_client_win_us.exe3.0 MB (3150319)2008-06-03 15:15:51
readme_5026700.htmlN/A2008-11-17 08:57:47

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.