Heartbleed openssl vulnerability and GroupWise, GroupWise Messenger, GroupWise Mobility

  • Document ID:7014879
  • Creation Date:09-Apr-2014
  • Modified Date:09-Apr-2014
    • Micro Focus Products:
      GroupWise
      GroupWise Messenger
      Open Enterprise Server
    • SUSE Products:
      SUSE Linux Enterprise Server

Environment

Novell Data Synchronizer Connector for Mobility
Novell GroupWise
Novell GroupWise Mobility Service
Novell Messenger
Novell Open Enterprise Server 11 (OES 11) Linux
SUSE Linux Enterprise Server 11

Situation

Are GroupWise, GroupWise Messenger, and GroupWise Mobility susceptible to the openssl heartbleed vulnerability reported in CVE-2014-0160?

According to www.openssl.org the following OpenSSL versions are vulnerable:

    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

    OpenSSL 1.0.2-beta releases, including 1.0.2-beta1 are vulnerable

 The following are not vulnerable:

    OpenSSL 1.0.1g branch is NOT vulnerable

    OpenSSL 0.9.8 branch is NOT vulnerable

Resolution

The GroupWise products do not push down their own Openssl libraries, but use the OS based ones. With the GroupWise products running on SLES 11, the GroupWise products use the 0.98 branch and are therefore not susceptible.

To check the version of Openssl on your server, open a terminal window and type:  openssl version

Additional Information

https://support.novell.com/security/cve/CVE-2014-0160.html