Notes/Domino Fix List
SPR # SBON6PNHXBFixed in 7.0.2; 6.5.6; 6.5.5 FP3 releaseSecurity fix



Product Area: Server Technical Area: MIME to CD conversion Platform: Win 2000; Win XP

Lotus Customer Support APAR: LO14311

SPR# SBON6PNHXB - Fixed a potential denial of service attack.

Technote Number: 1247835

Problem:
This issue has been reported to Quality Engineering as SPR# SBON6PNHXB and
CMAS6EATAD, and is fixed in Lotus Domino releases 6.5.6, 7.0.2 and 6.5.5 Fix
Pack 3 (FP3). Refer to the Upgrade Central site for details on upgrading
Notes/Domino.

Excerpt from the Lotus Notes and Domino Release 6.5.6 MR fix list (available at
http://www.ibm.com/developerworks/lotus):
Mime to CD
SPR# CMAS6EATAD - Fixed a MIME to CD conversion crash due to bad GIF images.
The workaround for Domino servers is to set the person doc for "Keep in
senders' format" or "Prefers MIME" instead of "Prefers Notes Rich Text". Also,
it has been mentioned that on RIM Blackberry server's, conversion of MIME->CD
occurs and there is no option to prevent this. To ensure this case is covered,
you can rename or delete the NIGIF.DLL. It's only used to convert GIF images
to Notes Bitmaps. When it's missing, the images are attached.

Mime to CD
SPR# SBON6PNHXB - Fixed a problem where a GIF file crashed the Domino router.

To work around the issue, do one of the following:

Set the Storage Preference field on the users' Person document to either "Keep
in senders' format" or "Prefers MIME" instead of "Prefers Notes Rich Text".
(NOTE: This workaround does not prevent the problem on servers that perform
conversion on the fly, such as a BlackBerry Server.)

Rename the following file on affected servers: nigif.dll (W32), libigif_r.a
(AIX), libigif.so (Solaris), etc. Renaming the file will prevent the affected
server from crashing; however, this will result in GIFs showing as attachments
instead of appearing as a graphic in emails.

Supporting Information
A cumulative client hotfix (CCH) is available for Notes client 6.5.5 that fixes
the issue reported in SPR# SBON6PNHXB and CMAS6EATAD. Since hotfixes do not
receive the extensive testing that maintenance releases and fix packs do,
customers are encouraged to implement workarounds or deploy a release
containing the fix once available. However, if workarounds are not possible or
applicable and you still need a fix, contact IBM Technical Support to request
the CCH containing the fix for this issue.
More >



Last Modified on 12/10/2013

Go back