GroupWise 7 SP4 Linux Full US and MULTI

This document (5070494) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

File	Product	Status	Patch
gw7.0.3HP_full_linux_multi.tar.gz	GroupWise 7	Obsolete	GroupWise 7 SP3 Hot Patch 4 Linux Full US and MULTI

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Architecture: x86, x86-64

Security patch: Yes

Priority: Mandatory

Distribution Type: Public

http://download.novell.com/Download?buildid=1vuyDl9EE6U~

document

Revision: 4

Document ID: 5070494

Creation Date: 2010-03-15 15:48:20

Modified Date: 2010-07-15 09:04:36

abstract

Service Pack 4 for GW 7.0 has been released. This patch will update both Linux clients and backend. The patch is cumulative and can update any GW 7.0x installation. This patch has some security fixes included, please view the readme for details.

details

System Requirements:

# 32-bit/x86 processor or 64-bit/x86 processor in 32-bit mode
# Any of the following server operating systems, plus the latest Support Pack:

SUSE Linux Enterprise Server 9 or SUSE Linux Enterprise Server 10
# eDirectory 8.7 or later, plus the latest Support Pack
# ConsoleOne 1.3.6 or later

ConsoleOne on Linux requires Java Virtual Machine (JVM*) 1.4.2, plus the X Window System*, version X11R6 or later.

Installation:

Please see the Support Pack 4 installation guide for instruction on applying the update found here http://www.novell.com/documentation

security fixes

CVE information for these issues are pending:

The HTTP interfaces for GroupWise agents (Message Transfer Agent, Post Office Agent, Internet Agent, WebAccess Agent, Monitor Agent) are are susceptible to Cross-Site Scripting (XSS) attacks, which could potentially be used by an attacker to steal sensitive information from application users, including parameters such as session credentials.
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by Kevin Lynn of The George Washington University (http://www.gwu.edu/)
Novell bugs 576298,579699
Related TID: http://www.novell.com/support/search.do?usemicrosite=true&searchString=7006371

The HTTP interfaces for GroupWise agents (Message Transfer Agent, Post Office Agent, Internet Agent, WebAccess Agent, Monitor Agent) are vulnerable to an HTTP Header Injection attack that may be used to redirect users to arbitrary sites, perform HTTP Request Smuggling, and other attacks against the user's browser.
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by Kevin Lynn of The George Washington University (http://www.gwu.edu/)
Novell bugs 576304, 576316
Related TID: http://www.novell.com/support/search.do?usemicrosite=true&searchString=7006372

GroupWise WebAccess is vulnerable to cross-site scripting (XSS) via header injection into certain form parameters, which could potentially be used to redirect users to a malicious website, perform HTTP request smuggling, and other attacks against the user's browser.
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by Ty Bailey - Rapid7 (http://www.rapid7.com)
Novell bug 543590
Related TID: http://www.novell.com/support/search.do?usemicrosite=true&searchString=7006377

change log

Windows Client

489394 - Forward of S/MIME encrypted HTML email contains different message body
529411 - Random client crashes in GWXPLT1.dll
536606 - Error while forwarding Digitally signed message
538182 Crash opening CSV file
539538 - D101 error upon removing user from Notify List.
542278 - Crash in the client engine
542376 and 545160 - Subject Line in emails is truncated or added with spaces
556348 - D107 error when trying to send mail or appointment when using Proxy users account in caching mode
556368 - "Error occurs when signing message." while trying to sign and encrypt the mail
558889 - Opening the properties of a user of a distribution list in the addressbook results in an error
569822 - Client crash when attempting to setup remote mailbox
574107 - Crash syncing with client

Engine

556358 - CPU hog abend in Server.nlm

GroupWise Internet Agent (GWIA)

560175 - Linux server to 100% utilization in the IMAP threads
576181 - Crash on Inbound Message

GWCheck

568697 - Error 83 "Item failed to archive"

GWDBCOPY

582484 - DBCopy receives SEGFAULT when running on 32bit mode of 64bit sles 11 server

GWTSA

540005 - GWTSAFS.NLM abends the server, when running the Backupexec Agent on the server.

Message Transfer Agent (MTA)

542014 - MTA abend on certain message.

Post Office Agent (POA)

537840 - Crash - kernel_vsyscall - gwsoap
540007 - CloseScreen called with a screen that is still being used
545589 - Performance issues addressed
546177 POA Core fix
546554 - POA shutting down threads
553691 - POA abend in GWXIS12.NLM
564091 - POA crashes with C/S threads maxed
565087 - Mail in caching mail box loses categories after clean up on online mailbox.
570211 - Current Physical Connections exceed the Maximum Physical connections
580223 - POA Abending server in GWENN5

Protocol

536096 - Performance problem getting items

SDK

532275 - Can't see updated archive path
554676 - Garbarge chars in reply delimeter when using reply method
556354 - Lose message body using AddExistingItem

TSAFSGW

539058 - Unable to perform Open File backup in Linux OES using Veritas ( Symentec ) software

WebAccess

549420 - Webconsole will not enable for document viewer agent
438119 - Incorrect encoding used to display base64 coded UTF8 message.
540009 - GWDVA taking 100% CPU utilization
554422 - Abend in GWinter

file contents

Files Included	Size	Date
gw704_full_linux_us.tar.gz	422.1 MB (442625485)	2010-03-15 15:25:37
gw704_full_linux_multi.tar.gz	489.0 MB (512826423)	2010-03-15 15:25:33
readme_5070494.html	N/A	2010-07-15 09:04:38

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.