Novell Home

My Favorites

Close

Please to see your favorites.

Heartbleed openssl vulnerability and GroupWise, GroupWise Messenger, GroupWise Mobility

This document (7014879) is provided subject to the disclaimer at the end of this document.

Environment

Novell Data Synchronizer Connector for Mobility
Novell GroupWise
Novell GroupWise Mobility Service
Novell Messenger
Novell Open Enterprise Server 11 (OES 11) Linux
SUSE Linux Enterprise Server 11

Situation

Are GroupWise, GroupWise Messenger, and GroupWise Mobility susceptible to the openssl heartbleed vulnerability reported in CVE-2014-0160?

According to www.openssl.org the following OpenSSL versions are vulnerable:

    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

    OpenSSL 1.0.2-beta releases, including 1.0.2-beta1 are vulnerable

 The following are not vulnerable:

    OpenSSL 1.0.1g branch is NOT vulnerable

    OpenSSL 0.9.8 branch is NOT vulnerable

Resolution

The GroupWise products do not push down their own Openssl libraries, but use the OS based ones. With the GroupWise products running on SLES 11, the GroupWise products use the 0.98 branch and are therefore not susceptible.

To check the version of Openssl on your server, open a terminal window and type:  openssl version

Additional Information

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7014879
  • Creation Date:09-APR-14
  • Modified Date:09-APR-14
    • NovellGroupWise
      Messenger
      Open Enterprise Server
    • SUSESUSE Linux Enterprise Server

Did this document solve your problem? Provide Feedback