Secunia

Description

Novell has released Groupwise 6 Support Pack 3. This fixes a security issue in OpenSSL, which can be exploited to cause a DoS (Denial of Service) on the MTA. Multiple other issues has also been fixed, where some potentially could be security related.

The following issues could pose as security risks. This has not been confirmed, though.

Admin API Fixes:
- Fixed a memory leak.

Agent Fixes:
- A high-utilization problem with the POA has been fixed.
- Intruder detection is properly honored when LDAP authentication is in use.
- Several POA abends have been fixed.
- The MTA includes a newer version of OpenSSL that prevents a "denial of service" type of security attack.
- Several MTA abends have been fixed.

Client Fixes:
- POP3 authentication has been enhanced.

Internet Agent Fixes:
- The Internet Agent correctly processes messages with extremely long subject lines in compliance with RFC2822.
- In the context of a foreign post office with an alias, messages are no longer being relayed because of incorrect message format.
- The Internet Agent no longer shuts down if it encounters a bad message that generates an unknown error code.
- Fixed several Internet Agent memory leaks.
- Fixed several Internet Agent abends.

Solution
Apply Service Pack 3.
Further details available in Customer Area

Original Advisory
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2965454.htm

Deep Links
Links available in Customer Area