02 February 2009, 17:56
Security Updates for Novell GroupWise
Novell has released updates for GroupWise to close a number of vulnerabilities. One critical issue is a buffer overflow in the GroupWise Internet Agent (GWIA), which can be manipulated to allow the injection and execution of code. Other updates close issues with cross-site scripting, Cross-Site Request Forgery and Script Insertion gaps.
The vulnerabilities affect GroupWise 6.5x, GroupWise 7.0, 7.01, 7.02x, 7.03, 7.03 HP1a and GroupWise 8.0. Groupwise 7.x users should apply 7.03 Hot Patch 2 (HP2), and Groupwise 8.x users should apply 8.0 Hot Patch 1 (HP1). Version 6.5x is, however, no longer supported, so an upgrade to Groupwise 7.03 HP2 or 8.0 HP1 is recommended.
See also:
- Cross-site Scripting Security Vulnerability with GroupWise WebAccess
- Persistent Cross-site Scripting (XSS) Security Vulnerability with GroupWise WebAccess
- Security vulnerability (Cross-site Request Forgery) with GroupWise WebAccess
- Security vulnerability with POST requests to GroupWise WebAccess
- Security Vulnerability (buffer overflow) with GroupWise Internet Agent
(djwm)
Print Version | Send by email
| Permalink: http://h-online.com/-739913
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
