We have issued several TIDs and will be releasing Hot Patches today for 7.0.x and 8.0.x code bases.
For your reference the TIDs are: 7002319, 7002320, 7002321, and 7002322.
We also sent an email to every PSE/DSE yesterday.
Novell/GroupWise takes every report of a security vulnerability very seriously. As security issues go, these reported today are very addressable by basic network measures - like firewalls, spam and virus protection.
However, we have made some changes in the WebAccess code to make sure that even in the event the network is not protected, they will not be affected by these malicious activities.
Please review the TIDs for more information...
As you know, security breaches are much more about 'who' gets credit for finding them then they are about how serious or real the issue is. This is a very low severity threat/concern. But an issue nonetheless.
Here is a link to the news article...
We do not disclose the exact details of any security breach so that it gives time for administrators to update their systems without malicious individuals having all of the knowledge to exploit any affected areas. Even after a patch is provided and sufficient time has been given to update, not every administrator will be able to act immediately and some may decide not to act at all and simply follow their own update/deployment schedules.
This is one of those issues, like all security issues, that should be taken seriously. However, it is our opinion that the risk of actual attack or breach is extremely low.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.