Cool Solutions

GroupWise: BES 5.0.1 MR1 Certified against GroupWise 8.0.2 HP2!

Dean Lythgoe

By:

January 25, 2011 11:22 am

Reads: 6045

Comments:10

Score:0

Today, Novell announced the release of GroupWise 8.0.2 HP2. In conjunction, Research in Motion will soon announce the certification of BES 5.0.1 MR1 against this version of GroupWise.

I am sitting at GWAVACon, Torrance California and have been notified by my engineering team that we have posted GroupWise 8.0.2 HP2.

The Hot Patch is now available and can be downloaded here!

BES 5.0.1 MR1 is available and can be downloaded from the RIM site! MR1 released in November 2010.

This Hot Patch, build #92377 (agents) #92614 (Clients), was built/delivered specifically to address SOAP issues that customers have reported and that have been affecting their mobility solutions.

Both BES and Mobility will benefit from the changes made in this Hot Patch. It has not been a long time since our last Hot Patch – just early November. However, the issues that were reported were significant enough and were affecting a broader section of our customer base that we felt it was appropriate to put this patch together and get it to our customers as soon as possible.

The changes include performance enhancements, API changes and SOAP thread hang fixes. The changes and improvements will equally benefit all integrations that utilize the SOAP interface into the POA. This includes Mobility, BES, any 3rd-party mobility solution and any 3rd-party integration that utilizes the SOAP interface.

Please check out the readme and release notes to see the most important changes and fixes that went into this Hot Patch.

RIM

Research in Motion continues to be a fantastic partner. Our development and quality control teams worked closely together over the last several months to track down, improve and deliver a joint solution that would benefit all of our customers who have deployed a BES solution for their Blackberry devices. The transition that RIM has had to do to support BES 5.0.1 with GroupWise and moving from the ObjectAPI to the SOAP interface has been significant. I have been a Blackberry user for almost 4 years now and have now transitioned to the Blackberry Torch. What a great device!

We have heard from so many of our customers who require a Blackberry solution for their enterprise. Novell is no exception. We run several BES and Mobility servers in order to effectively support the variety of mobile users and devices within our organization. We are part of RIM’s ‘Early Adopter Program’ and have had BES 5.0.1 running in our two production environments for several months. We look forward to the continued support and collaboration of these two companies and product lines.

Security Alert

There are also a couple of security issues to be aware of that were resolved with this Hot Patch.

Novell bug 657818, CVE-2010-4325 – The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses the TZID variable within a received VCALENDAR message, which could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.

Related TID: http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007638

Novell Bug 642340, CVE-2010-4326 – The GroupWise Internet Agent (GWIA) has a vulnerability in the way that it parses the REQUEST-STATUS variable within a received VCALENDAR message, which could potentially allow an unauthenticated remote attacker to execute arbitrary code on vulnerable installations of GWIA.

Related TID: http://www.novell.com/support/search.do?usemicrosite=true&searchString=7007155

Affected versions:

GroupWise 8.0x, 8.01x, 8.02 and 8.0.2 HP1. Previous versions of GroupWise are likely also vulnerable but are no longer supported. Customers on earlier versions of GroupWise should, at a minimum, upgrade their GWIAs and associated Domains to version 8.02HP2 in order to secure their system.

These vulnerabilities were discovered and reported by Anonymous working with TippingPoint’s Zero Day Initiative (http://www.zerodayinitiative.com), ZDI-CAN-955, ZDI-CAN-967

NOTE: The second vulnerability was resolved in GroupWise 8.02 Hot Patch 1 (released November 2010), but was not disclosed until January 2011 pending final verification of the fix.

Novell Data Synchronizer Mobility Pack

As a preview, I want to give a quick heads up to the fact that the next update to the Mobility Pack will be available soon. The latest ‘sprint’ is complete, the demo looked awesome and the improvements continue to happen. We are completing the QA and some of the other final checkboxes as we move to ‘First Customer Ship’ This release, code named ‘Chinook’, is currently scheduled for early February.

Watch for additional details as this product is released.

Dean

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags:
Categories: Announcements, Expert Views, GroupWise

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

10 Comments

  1. By:ghoman

    My company still uses a v4.1.7 BES for our GroupWise 8.0.2 HP1 system. Will RIM certify this latest 8.0.2 HP2 client release for BES 4.1.7 soon?

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    • By:dlythgoe

      Great question and I should have clarified….

      RIM is beginning their certification of BES 4.1.7 immediately with GroupWise 8.0. 2 HP2. I am confident that it will certify as well as the changes made were mainly around SOAP and not the objectAPI. BES 4.17 uses the objectAPI, where BES 5.0.1 uses SOAP. Official announcement of certification will likely be in February.

      Hope that helps…

      Dean

      VN:F [1.9.22_1171]
      Rating: 0.0/5 (0 votes cast)
  2. By:ecyoung

    Regarding the GWIA vulnerability, please clarify which version is required to fix it. HP1? or HP2? The article simply says “8.02HP”.

    Thank you.

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
  3. By:gburg

    The part from Affected versions … till Related TID… is written two times, please remove it ;-)

    Gert

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    • By:dlythgoe

      Thanks – I tried to make it clearer and not so redundant….hopefully that is better. Thanks for the feedback.

      Dean

      VN:F [1.9.22_1171]
      Rating: 0.0/5 (0 votes cast)
  4. By:tjacksonbcg

    Dean,

    You seem to imply that BES 5.0.1 MR1 is not out yet but it is and we have been running it for a month. Could you be referring to maybe an MR2 update coming out soon and if so is it really the MR2 update that will be certified? We are in the middle of a BES 5 migration so these details are important to us. I will be updating to HP2 soon but I don’t want to unless I know 100 percent that it will be certified with MR1.

    Thanks,
    Tim

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    • By:dlythgoe

      The announcement of certification is pending, not some BES code. I will re-look at my message and attempt to clarify again.

      MR1 did release in November. It is that code that is now certified against GroupWise 8.0.2 HP2. ‘Official announcement of that certification is coming’. The code is available….

      So….

      MR1 is out and available….
      8.0.2 HP2 is out and available….

      If you are a BES customer on 5.0.x….move to MR1 and HP2.

      Better?

      Dean

      VN:F [1.9.22_1171]
      Rating: 0.0/5 (0 votes cast)
      • By:tjacksonbcg

        Thanks Dean. That clears it up for me.

        Tim

        VN:F [1.9.22_1171]
        Rating: 0.0/5 (0 votes cast)
  5. By:fabriciot

    I updated our systems to latest version of GW (8.0.2-92377) and BES 5.0.1 MR1 and the problems continues. The elements synchronized in 15 minutes periods. I guess that the issue with SOAP Slap time continue somehow.

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)

Comment

RSS