Novell announced immediate availability for the latest update for GroupWise 2012. GroupWise 2012 SP1 is now available!!!
GroupWise 2012 SP1 (Cardiff)
GroupWise 2012 SP1 is our first support pack for GroupWise 2012. While it includes customer-requested bug fixes to GroupWise 2012, It also includes the following enhancements:
- Android tablet support (WebAccess Mobile)
- Android version 3.2 is supported. This device has been certified.
- Android version 4.x is supported. The following devices continue to be tested. Under some circumstances, these devices may not perform as expected.
- ASUS TF101
- ASUS TF201
- Samsung Galaxy Tab 10.1
- RIM Playbook 2 support (WebAccess Mobile)
- Bulgarian and Turkish UI support in WebAccess
enabled iOS,Android, Windows Mobile, etc. devices are supported using DataSync. This tablet notice is for WebAccess Mobile Templates only. We expect to expand Android 4.0 certification to more devices as soon as possible. On devices that are not currently certified, we have found device/OS specific issues that may cause display, usability or loss of functionality challenges. Many have easy work-arounds, while others simply won't function as expected. Keeping device firmware
updates current can help mitigate some of these deficiencies while Novell works to complete certification on more devices. Android 4.0.4, for some devices, has significant limitations.
GroupWise 2012 SP1 is available to all customers who are current on their maintenance. Please access and download the software here!.
All areas of the product have been updated and tested. Please deploy this support pack by following the standard best practices provided in the documentation. Organizations and enterprises can upgrade directly to GroupWise 2012 SP1 from any previous version of GroupWise including GroupWise 6.5.x, GroupWise 7.x, GroupWise 8.x and GroupWise 2012.
Once backend agents and systems have been upgraded to GroupWise 2012 SP1, desktop clients can and should also be upgraded to take advantage of features, platform support, new functionality and capability and interoperability with internal and external systems. In addition, over the years, several security related changes and updates have been included in the product. Many of those security vulnerabilities require both agent and client updates for your organization to be completely protected and supported.
A list of fixes in this release can be found in the readme file included with your download.
Novell continues to be diligent about finding and fixing security related issues. Included in the GroupWise 2012 SP1 release are fixes that have already been made in the latest GroupWise 8 release If you are on GroupWise 2012, upgrading to SP1 will protect your system against these issues. If you are using GroupWise 8, please upgrade to GroupWise 8.0.3 HP1 to have the very latest available security related updates.. Many of these vulnerabilities have previously been reported.
Here are some details...
Description: A vulnerability exists in the eDirectory authentication mechanism of GroupWise 8 and GroupWise 2012 that could potentially allow unauthorized access to GroupWise accounts. GroupWise post offices are vulnerable to this exploit only if ALL of the following conditions are met:
The post office security level is set to "High"
has enabled eDirectory Authentication under the "High Security Options" settings of the post office.
The administrator has the enabled the "Use eDirectory authentication instead of password" option in ConsoleOne
under GroupWise Utilities | Client Options | Security
Related TID: 7010773
Description: GroupWise WebAccess is vulnerable to a cross-site scripting (XSS) exploit where input passed via an HTML email is not properly sanitized before being displayed to the user, whereby an attacker could potentially insert arbitrary HTML and script code that will be executed in a user's browser session.
Related TID: 7010768
Description: The GroupWise Internet Agent (GWIA) is vulnerable to an integer overflow exploit on its HTTP interface that could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.
Related TID: 7010769
Description: The GroupWise Internet Agent (GWIA) is vulnerable to an integer overflow exploit that could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.
Related TID: 7010770
Description: The GroupWise Client for Windows is vulnerable to an exploit where by enticing a target user to open a malicious file, a remote attacker can leverage the vulnerability to gain remote code execution within the security context of the affected user, or crash the affected application.
Related TID: 7010771
Description: The HTTP interfaces for the GroupWise agents are vulnerable to an arbitrary file retrieval condition due to a failure to properly filter certain crafted directory traversal sequences. An unauthenticated remote attacker can leverage this flaw to retrieve files with the privileges of the vulnerable agent(s).
Related TID: 7010772
Description: The Oracle "Outside In" viewer software licensed by Novell for use in GroupWise contains multiple exploitable vulnerabilities in its parsers, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Related TID: 7010569
GroupWise 8.0x up to and including 8.02HP3
Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their WebAccess servers and associated Domains to version 8.0 Support Pack 3 or 2012 SP1 in order to secure their system.
Signal to Upgrade
We recognize that many organizations, by policy or otherwise, wait until the first support pack before upgrading to a major release of any software product. Please take this opportunity to plan and deploy GroupWise 2012 to get the very most out of your collaboration investment. GroupWise 2012 requires OES, SLES or Windows servers. Now is a perfect time to also upgrade from NetWare to OES! Upgrading is easier than you think. With GroupWise 2012, we have tightened our integration with ZEN and those utilities make upgrading your clients easier than ever. Please reach out to your NTS or Sales representative and get the help you need to give your organization and your end-users the advantages of GroupWise 2012 and OES.
The Novell Collaboration team is working on a variety of deliverables and objectives over the next few months. We expect to deliver several new technologies and releases in our DataSync, Messenger, GroupWise and Vibe family of solutions. GroupWise Messenger Mobile Apps, Novell DataSynchronizer 1.2.5 and Co-existence with GroupWise 2012 SP2 are all on deck!. As we prepare for BrainShare 2013 coming in February - there is a lot going on and a lot to look forward to. In addition, the new Administration Console for GroupWise is shaping up nicely. We expect to show all of these solutions at BrainShare - so plan now to come join us!
GWAVACon - Düsseldorf and Open Horizons Regional Summit - France
For our European customers and partners, we are looking forward to seeing you all very soon at a few events happening next month. Several Novell representatives will be in attendance at Open Horizons - France on October 11-12th in the city of Loriol at this Hotel. I am looking forward to seeing Paul Van der Cruyssen and Arnaud Delin at this event. Come join us!
The following week, I will be joined by Kari Woolf, GroupWise Marketing Manager, Tracy Smith, Vibe Product Manager and Kai Reichert, DataSync Product Manager in Düsseldorf for GWAVACon EMEA. Bob Flynn, VP and GM for Novell will be giving the keynote address. We will also be joined by several Provo engineers and other European Novell employees. We are always excited for GWAVACon! The great opportunity to network, meet with customers and partners and have some fun! We are planning a fun 'speed dating' event as well as another Live Validation event to help build our GroupWise community. Come join the fun!!!