[Canfor]

Does anybody know if this vulderability affects BES Version 4.0 Service Pack 5 ? The article states only versions 4.1.3 to 4.1.5, but I just wanted to be safe.

[JavaJunkee]

I disabled PDF processing on my production BES (4.1.4) and my test BES (4.1.5). It's just not worth the risk. All it takes, is 'one' malformed PDF file.

[SoUnCool]

did any one have a luck finding what that "specially crafted" pdf file may look or feel like?

[DarthBBerry]

Quote:

Originally Posted by SoUnCool

did any one have a luck finding what that "specially crafted" pdf file may look or feel like?

Not taking the chance. Why look for trouble when it can be prevented in the first place?

[rsk]

I'm just about to put the block in. Not worth the risk..

[mitchelrl]

We're recommending this temporary workaround to all of our clients as of now...It's way too risky

[SoUnCool]

Quote:

Originally Posted by DarthBBerry

Not taking the chance. Why look for trouble when it can be prevented in the first place?

We have put the work around in place, but just curious to see if our antivirus and antispam systems can capture such pdf file at entry level before even touching exchange !!!

[twinkiefan]

we're putting the workaround in place, too. don't really think it's necessary in our case due to some additional safeguards we have in place, but like someone else said...why take the chance? If many of our 4000 users complain and a fix from RIM isn't forthcoming, we'll perhaps revisit the decision.

[exchangemymail]

We have also put this into effect. Not worth the risk.

[ObliteRon]

Workaround was implemented tonight.

BES 4.1.6 was just released, which addresses the vulnerability. (Advisory has been updated to reflect that.) Downloading now...

[jibi]

The Quick Fixes are also available for 4.1 SP3, SP4 and SP5.

BES 4.1 SP5 does not require the MR1 patch, although it is recommended.
BES 4.1 SP4 requires MR6 to be installed.
BES 4.1 SP3 requires HF2 to be installed.

The Quick Fix is a zip file with the updated files. There are manual commands for un-registering and re-registering some DLL files. The BlackBerry Attachment Service and BlackBerry Dispatcher will need to be stopped during this change and restarted afterwards.

[ObliteRon]

Thanks for the heads-up, jibi. Workaround backed out, and the "interim security software update" has been applied.

[Rubbery]

My BES is reported as 4.1.4.15

Do i need the patch and if so does it need anything else before i put it on. Not sure what MR6 means?

Sorry - could someone please clarify if you have a minute!


Many thanks

Jon

[Noonien]

Cant find the Hotfix for 4.1.3 and 4.1.4 only the SP6 .
Can someone help with a link ?

[Noonien]

Quote:

Originally Posted by jibi

The Quick Fixes are also available for 4.1 SP3, SP4 and SP5.

BES 4.1 SP5 does not require the MR1 patch, although it is recommended.
BES 4.1 SP4 requires MR6 to be installed.
BES 4.1 SP3 requires HF2 to be installed.

The Quick Fix is a zip file with the updated files. There are manual commands for un-registering and re-registering some DLL files. The BlackBerry Attachment Service and BlackBerry Dispatcher will need to be stopped during this change and restarted afterwards.

Hmm , 4.1 SP3 HF2 is nothing new , i installed that i think 6 month ago.
Does this fix the problem or is the SP6 needed ?

[Noonien]

The release notes for SP6 dont even mentions that the distiller problem is fixed ....

[JGonzalezGUS]

We run 4.1.4 MR1. The vulnerability fix says MR6 is required. I see only in the Download area up to MR3 (no MR4, MR5 or MR6). Where can I find MR6?
If that is a typo and instead it should read 'MR3', can I install MR3 without first installing MR2?
Thanks for any info,

[mattk0]

So, if I install the 'quick fix'/interim update will people be able to get PDF's on their device still or does this block all PDF's?

[greg2step]

We are currently running 4.14mr5 + the Out of Office quickfix so that OOF messages work ok on Exchange 2007 mailboxes. Will that fix work with 4.14mr6 and the .pdf fix?

[SoUnCool]

we are at BES 4.1 SP4 MR4
what happend to MR5 ? on RIM site there is MR6 after MR4 ???