GroupWise 2014 R2 SP1 HP1 (14.2.1.1) verfügbar!

Posted by WebMaster (webmaster) on Aug 31 2016
Tipps >>

Folgende Änderungen und Fixes im HP1:

 

Security Fixes:
================================================================
 
This Hot Patch updates the Oracle Outside In technology to version 8.5.3, which includes security fixes. For more information on the specific bug fixes included in this release of the Outside In technology, please see http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
 
This Hot Patch updates the version of Java included with GroupWise to 8.0.102, which included some security-related fixes from Oracle. For more information on the specific bug fixes in this release of Java, please see http://www.oracle.com/technetwork/java/javase/2col/8u102-bugfixes-3021768.html
 
Resolved a vulnerability in the user authorization code in the Linux POA that may allow a user with valid Kerberos credentials to access the mailbox of another user on the same post office if the post office and user were configured to allow Kerberos authentication.
 
Resolved a vulnerability in the GroupWise administration console that may allow an attacker to execute javascript in the context of an authenticated user by tricking the user into clicking on a specially crafted link. This could lead to session compromise or enable other browser based attacks.
This vulnerability was discovered and reported by Wolfgang Ettlinger working with SEC Consult
Microfocus Bug 987681, CVE-2016-5760
Related TID: http://www.novell.com/support/kb/doc.php?id=7017973
 
Resolved a vulnerability in the GroupWise WebAccess message viewer that may allow an attacker to execute javascript in the context of an authenticated user by getting the user to interact with a malicious mail message sent by the attacker. This could lead to session compromise or enable other browser based attacks.
This vulnerability was discovered and reported by Wolfgang Ettlinger working with SEC Consult 
Novell Bug 987682, CVE-2016-5761
Related TID: http://www.novell.com/support/kb/doc.php?id=7017974
 
Resolved a vulnerability in the GroupWise Post Office Agent that may allow a remote unauthenticated attacker to write past the end of a heap buffer with up to 64K of attacker controlled data via undisclosed vectors involving an integer overflow. This is likely to affect the availability of the post office agent and could possibly be used to achieve remote code execution if other protection mechanisms are bypassed.
This vulnerability was discovered and reported by Wolfgang Ettlinger working with SEC Consult
MicroFocus Bug 987683, CVE-2016-5762
Related TID: http://www.novell.com/support/kb/doc.php?id=7017975

 

Change Log:
================================================================


 

990955, 990647, 991264, 991737 - Client hangs when opening large plain text email
988318 - New mail flag on shared folder shows regardless of new mail or not
984925 - Groupwise is unable to index pdf files created with pdf creator version 1.6
931680 - DVA image conversion too long causing errors in WebAccess
990954, 988979 - Reply to users not in user's address book can generate D027 errors and fail 
991528 - Fixed problem with WebAccess authentication timeout
990715 - Fixed problem with viewing SVG attachments

 

Last changed: Aug 31 2016 at 08:05:51

Back