Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

IBM Traveler 9.0.1.12 released including a security fix

Daniel Nashed  14 July 2016 09:45:20

IBM Traveler 9.0.1.12 shipped with some important changes.

The first change is a security fix, which is described below.

There is also another security fix in the installer on Windows, as well as some other fixes that could affect you.


Upgraded my server already.

-- Daniel



Security Bulletin: XML External Entities Injection Vulnerability in IBM Traveler (CVE-2016-3039)
IBM Traveler is vulnerable to a denial of service caused by an XML External Entity Injection (XXE) error when processing XML data.


http://www.ibm.com/support/docview.wss?uid=swg21985858&myns=swglotus&mynp=OCSSYRPW&mync=E&cm_sp=swglotus-_-OCSSYRPW-_-E


http://www.ibm.com/support/docview.wss?uid=swg21700212#90112
APAR # Abstract
LO87689 Invitee status not updated on Mobile device when external invitee responds.
LO88807 Add the immediately remove invitee from invite on mobile device may not remove the invitee.
LO88916 Invitee status not updated on Outlook client when external invitee responds.
LO88950 Event still appears ghosted on mobile device after process an info update from ghosted entry.
LO89057 Upgrade install technology to prevent MS Windows DLL Loading vulnerability.
LO89097 Traveler device may display EnterSendTo field if SendTo empty for non-draft message.
LO89287 Warning message for NumberFormatException for empty string should be Info log message and not a warning.
LO89357 Update to prevent XML External Entities Injection vulnerability.
LO89358 Same full name contact could sync wrong contact photo.
LO89421 Ghosted entry for non-repeating event Cancel notice may show additional options on mobile device.
LO89499 APNS notifications for IBM Verse for iOS may be in English instead of device preferred language.
LO89501 Attachments and in-line images missing content header may not sync to mobile device.
LO89540 Traveler Utility application should warn if attempting to change the DB2 user name as this may change the schema name as well.
LO89543 Prevent device from renaming folder to null string.
LO89544 Accept reschedule of non-repeating event from ghosted entry on Apple iOS Calendar application may not take effect on server.




Comments

1  Uwe Sartorius  28.07.2016 11:56:13  IBM Traveler 9.0.1.12 released including a security fix

Hi Daniel,

After updating our Traveler servers to this release we are facing the same bug as described here:

{ Link }

Any others having the same issue right now?

Cheers

Uwe

2  Uwe Sartorius  05.08.2016 10:24:11  IBM Traveler 9.0.1.12 released including a security fix

Hi Daniel!

LO89772: Multiple replies to chair for non-repeating meeting is fixed with 9.0.1.12 but we are facing this issue since we updated to 9.0.1.12 :-)

