Novell Home

Security Update 4

Novell Cool Solutions: Feature

Digg This - Slashdot This

Posted: 9 Jun 2004
 

For eDirectory running on Netware, Microsoft Windows, Linux, or Unix, there's a new Security Update 4 (May 28th, 2004). Security Update 4 replaces Security Updates 1, 2, and 3. This file contains fixes in NILE, NTLS, and PKI. These products have been delivered through many Novell products. For more details on this patch, see TID 2968981

Installation and Requirements

All versions of eDirectory up to and including 8.7.3 on all platforms, and all versions of iManager up to and including 2.0.2 on all platforms are affected by OpenSSL vulnerabilities. This patch includes an update for eDirectory and iManager 2.02 for all platforms that corrects the current issues.

Note: If eDirectory and iManager are on the same server, you only need to apply this patch once for both products.

NICI 2.6.4 must be installed before applying this patch. For specific platform instructions, go to the individual product directories:

  • Netware: ./nw/install.txt
  • Windows: ./nt/install.txt
  • Unix: ./unix/install.txt

For Windows and Netware servers, use any decompression utility that supports the tgz format (I.E. WinZip) to extract secupd4.tgz to a temporary directory on the server on which the patch will be applied. For Unix servers, use gzip and tar to decompress and extract the tarball to a temporary directory on which the patch will be applied.

ConsoleOne note: There is a PKIWrap.dll file in the {tempdirectory}/CS1. The patch install will copy this file to the default installation of ConsoleOne. If you are running ConsoleOne on any other Windows workstations, you need to manually copy this file to the ConsoleOne/1.2/bin directory. This file only supports ConsoleOne 1.3.4 and greater.

Upgrade and Patch Recommendations

The current Novell products (as of May 2004) use OpenSSL version 0.9.6k. This patch addresses any problems with this and any other previous versions of OpenSSL. For information on OpenSSL security vulnerabilities, see http://www.cert.org.

For eDirectory users, the following strategies are recommended.

For UNIX customers:

  • eDirectory 8.0 - Upgrade to eDirectory 8.7.3 and then apply the Security Update 4 patch
  • eDirectory 8.5 - Upgrade to eDirectory 8.7.3 and then apply the Security Update 4 patch
  • eDirectory 8.6.2 - Upgrade to eDirectory 8.7.3 and then apply the Security Update 4 patch
  • eDirectory 8.7.0 - Upgrade to eDirectory 8.7.3 and then apply the Security Update 4 patch
  • eDirectory 8.7.1 - Apply the Security Update 4 patch
  • eDirectory 8.7.3 - Apply the security update 4 patch

For Windows customers:

  • eDirectory 8.0 and 8.5 - Upgrade to eDirectory 8.7.3 and then apply the Security Update 4 patch
  • eDirectory 8.6.2, 8.7.0, 8.7.1, and 8.7.3 - Apply the security Update 4 patch

For Netware customers:

  • eDirectory 8.5 and 8.7.0 - Upgrade to eDirectory 8.7.3 and then apply the Security Update 4 patch
  • eDirectory 8.0(NDS8), 8.6.2, 8.7.1, and 8.7.3 - Install the Security Update 4 patch

For iManager customers:

  • iManager 1.2.x - There is no vulnerability issue; no patch is needed.
  • iManager 1.5.x and 2.0 - 2.0.1 - Upgrade to iManager 2.0.2 and apply the Security Update 4 patch
  • iManager 2.0.2 - Apply the Security Update 4 patch

For additional iManager considerations, see the TID.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell