Novell Cool Solutions

GroupWise Security Vulnerability


June 1, 2007 12:13 pm





Yesterday we announced that we had fixed a GroupWise security vulnerability. I am not posting to discuss the details of the vulnerability but I want to, again, give you pointers on how to update your system. First, the TID – here.

Next, the files – they are all linked from the TID but for completeness 6.5 and 7.

Lastly, how to update – well I already blogged on this so I am just going to link you there and then add a couple of fine points specific to this update.

A couple of differences on this one are that the POA’s all need to be updated before you can install the new client or new GWIA and WebAccess. So, from this point forwards, the 7.02 Hot Patch client can no longer connect to an older POA. This is kind of a stake in the sand as, after this, the rule will reapply, you’re just not going to be able to connect to a POA older than May 24 2007 with a client dated May 24 2007 or later.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Categories: Uncategorized


Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.


  1. By:An old CPK dude

    S0 when will this update be available as a CPK????

    Imagine we could then do 400 POS in one night and rest safe and sure all weekend long!!!

  2. By:Eric

    The “Known issues” section of TID3382383 needs updating asap.. There is a problem with right-clicking and printing attachments that causes Groupwise to crash now. There is also a problem with SETUPIP/auto-update rollouts, causing botched client installs.

  3. By:Nick

    I cant find the hot path for linux servers (agents), is it avaliable?

  4. By:Alex Evans

    Yes, it’s there. Follow the link up in my blog and look for the one named Full Linux.

  5. By:Alex Evans

    I forwarded this on to the GroupWise team – though without more detail on the setupip issue we don’t know what to fix. I am assuming you are installing the multilingual client and attempting to use the setup.cfg?

  6. By:Alex Evans

    Martin, Martin, Martin……If I didn’t have to write all the documentation it would already be out there. I am actually contemplating ripping out all the linux and windows stuff from the SPK for now and releasing it as a NetWare SPK, then follow up later with the other 2. I am also thinking I may do a linux CPK instead of an SPK so people don’t have to mess with the SPK themselves. Now get back to your golf :)

  7. By:Eric

    We’re using the US client, not multilingual. Rather than duplicate the description of what others have experienced, take a look at Tom Hafemann’s threads from 6/1 and 6/5 in and

  8. By:Alex Evans

    Thing is I tested it myself for my own customer and it works. You need to make sure you have enough rights on the webserver for all the language specific stuff to be downloaded – to do this enter in the URL you embedded in setupip in a browser, if you get an error then you don’t have sufficient rights.

  9. By:Berndt Waltje

    We have 7 domains, each with a postoffice, connected by a WAN. Additionally 1 GWIA and 1 WA. Do I get it right that I have to update all of the POAs before I may update the GWIA + WA ?

  10. By:Alex Evans

    Yes, you are mostly correct. The POAs need to be updated before a client of any kind can get updated. That does mean that if you are not using POP or IMAP on the GWIA then you are free to update that at any time.

  11. By:Marvin Scott

    When we upgraded to GW 7.01 and now with this hot patch, it is not possible to deliver the client to workstations where the user (local user group membership) is locked down, using ZENWorks to deliver the client. We have ZEN 7.01 for desktops and the best solution I see available is to install the groupwise.msi dependant on the isscript1050.msi. This doesn’t work using force run and so we have been delivering an icon on the desktop that the user needs to invoke. Isn’t there a way to do this without user intervention?

    Also, there seems to be a timing issue with the is1050. It will load and then the groupwise.msi will run and end in an error 1603. If you reboot the system and repeat the process, the install shield piece won’t run (it’s already installed) and the groupwise.msi will install successfully. Any info you can provide will be greatly appreciated. I have a call in to tech support but haven’t gotten a resolution.