Novell announced today the immediate availability of GroupWise 8.0.3 HP1. This is the latest support pack for the GroupWise 8 product line and can be downloaded immediately. In addition, we are also releasing an update for the GroupWise Mac client!
GroupWise 8.0.3 HP1
A new hot patch is now available for the GroupWise 8.0.x product line. GroupWise 8.0.3 HP1 is available today and it contains a dozen fixes including a few security fixes in different areas of the product.
You can download the Hot Patch here!
Novell continues to be diligent about finding and fixing security related issues. Included in the GroupWise 8.0.3 HP1 release is a change that addressed a vulnerability reported last month in the Stellent Viewer technology that Novell licenses and embeds in several of its products.
Here are some details…
Description: The Oracle "Outside In" viewer software licensed by Novell for use in GroupWise contains multiple exploitable vulnerabilities in its parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
NOTE: The updated software from Oracle is included with the GroupWise 8.0.3 HP1 client for Windows and the 8.0.3 HP1 agents for Windows and Linux servers. Novell is working with Oracle to address these same vulnerabilities for GroupWise 8 on the NetWare platform.
Related TID: 7010569
Description: GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) exploit in the "merge" parameter whereby an attacker could potentially insert arbitrary HTML and script code that will be executed in a user's browser session.
Related TID: 7010368
Description: The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses time and date information within a received iCalendar message, which could potentially be exploited by an attacker to cause a Denial-of-Service (DoS) on vulnerable installations of GWIA.
Related TID: 7010767
For more information on these vulnerabilities, please see the security advisory from the U.S. CERT team:
Affected versions: GroupWise 8.0x up to and including 8.02HP3
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their WebAccess servers and associated Domains to version 8.0 Support Pack 3 (or later) in order to secure their system.
As stated in previous blog posts: “Novell and GroupWise take every security report very seriously. Novell expects our community to be well informed and well protected. GroupWise is very reliable and customers expect it to be the very best. Policy states: - All security issues should be taken seriously and patches applied. Please follow Best Practices guidelines for updating your system when applying this patch.”
For a list of the issues resolved in this Hot Patch, please refer to the release notes, which can be found as part of the download.
GroupWise Mac Client Update
In addition to the release of GroupWise 8.0.3 HP1, Novell is excited to also announce an update for our Mac users. The GroupWise Mac Client has been updated and is now available for immediate download. This client can be run against the following versions of GroupWise POA agents:
- GroupWise 8.0.2 HP3
- GroupWise 8.0.3 and 8.0.3 HP1
- GroupWise 2012
- Upcoming GroupWise 2012 SP1
Download Mac Update here!
A list of fixes in this release can be found in the readme file that will accompany your download. While there are no new features in this update, there are a significant number of stability and platform support changes in this release that make this a ‘must have’ for all of your GroupWise Mac Client users.
NOTE: This client requires Mac OS
10.6.8 or later, including support on Mac OS 10.7 (Mountain Lion).
Open Minds Success Story
Novell recently published a new customer success story on how GroupWise is being utilized in a hosted scenario. Take a look at not only what this customer is doing, but also our partner - DigeTekS.