Zimbra Releases/8.6.0/P10: Difference between revisions
(Created page with "{{Work IN Progress - Draft Document}} <ol class="breadcrumb"> <li>Zimbra Wiki</li> <li>Zimbra Releases</li> <li class="active">Zimbra Collaboration 8.6...") |
(security: update CVSS scores and ratings) |
||
Line 31: | Line 31: | ||
<td>Persistent XSS - mail addrs [CWE-79]</td> | <td>Persistent XSS - mail addrs [CWE-79]</td> | ||
<td> </td> | <td> </td> | ||
<td style="text-align: center; "> </td> | <td style="text-align: center; "> 3.5 </td> | ||
<td style="text-align: center; "> </td> | <td style="text-align: center; "> Minor </td> | ||
<td style="text-align: center; ">8.6.0 Patch10</td> | <td style="text-align: center; ">8.6.0 Patch10</td> | ||
</tr> | </tr> | ||
Line 38: | Line 38: | ||
<td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=106811 106811]</td> | <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=106811 106811]</td> | ||
<td>Limited XXE [CWE-611] </td> | <td>Limited XXE [CWE-611] </td> | ||
<td> </td> | <td> CVE-2016-9924 </td> | ||
<td style="text-align: center; "> </td> | <td style="text-align: center; "> 4.3 </td> | ||
<td style="text-align: center; "> </td> | <td style="text-align: center; "> Minor </td> | ||
<td style="text-align: center; ">8.6.0 Patch10</td> | <td style="text-align: center; ">8.6.0 Patch10</td> | ||
</tr> | </tr> | ||
Line 46: | Line 46: | ||
<td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108786 108786]</td> | <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=108786 108786]</td> | ||
<td>Persistent XSS - content-location [CWE-79]</td> | <td>Persistent XSS - content-location [CWE-79]</td> | ||
<td> </td> | <td> CVE-2018-6882 </td> | ||
<td style="text-align: center; "> </td> | <td style="text-align: center; "> 4.3 </td> | ||
<td style="text-align: center; "> </td> | <td style="text-align: center; "> Minor </td> | ||
<td style="text-align: center; ">8.6.0 Patch10</td> | <td style="text-align: center; ">8.6.0 Patch10</td> | ||
</tr> | </tr> | ||
Line 54: | Line 54: | ||
<td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=97579 97579]</td> | <td class="col-md-1">[https://bugzilla.zimbra.com/show_bug.cgi?id=97579 97579]</td> | ||
<td>login CSRF protection: ZWC login form does not use a csrf token [CWE-352]</td> | <td>login CSRF protection: ZWC login form does not use a csrf token [CWE-352]</td> | ||
<td> </td> | <td> CVE-2015-7610 </td> | ||
<td style="text-align: center; "> </td> | <td style="text-align: center; "> 5.8 </td> | ||
<td style="text-align: center; "> </td> | <td style="text-align: center; "> Major </td> | ||
<td style="text-align: center; ">8.6.0 Patch10</td> | <td style="text-align: center; ">8.6.0 Patch10</td> | ||
</tr> | </tr> | ||
Line 63: | Line 63: | ||
<td>SOAP API should not return a value for zimbraSSLPrivateKey</td> | <td>SOAP API should not return a value for zimbraSSLPrivateKey</td> | ||
<td> </td> | <td> </td> | ||
<td style="text-align: center; "> </td> | <td style="text-align: center; "> 3.6 </td> | ||
<td style="text-align: center; "> </td> | <td style="text-align: center; "> Minor </td> | ||
<td style="text-align: center; ">8.6.0 Patch10</td> | <td style="text-align: center; ">8.6.0 Patch10</td> | ||
</tr> | </tr> |
Revision as of 23:25, 9 May 2018
Template:Work IN Progress - Draft Document
Zimbra Collaboration 8.6.0 Patch 10 GA Release
Check out the "Security Fixes" for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forum, or open a support ticket.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
Bug# | Summary | CVE-ID | CVSS Score |
Zimbra Rating |
Fix Release or Patch Version |
---|---|---|---|---|---|
107948 | Persistent XSS - mail addrs [CWE-79] | 3.5 | Minor | 8.6.0 Patch10 | |
106811 | Limited XXE [CWE-611] | CVE-2016-9924 | 4.3 | Minor | 8.6.0 Patch10 |
108786 | Persistent XSS - content-location [CWE-79] | CVE-2018-6882 | 4.3 | Minor | 8.6.0 Patch10 |
97579 | login CSRF protection: ZWC login form does not use a csrf token [CWE-352] | CVE-2015-7610 | 5.8 | Major | 8.6.0 Patch10 |
108894 | SOAP API should not return a value for zimbraSSLPrivateKey | 3.6 | Minor | 8.6.0 Patch10 |
Before Installing the Patch
Before installing the patch, consider the following:
- Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbracollaboration
- Patches are cumulative, and delivered as a TGZ file.
- A full backup should be performed before any patch is applied. There is no automated roll-back.
- Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
- Only files or Zimlets associated with installed packages will be installed from the patch.
- Switch to user zimbra before using ZCS CLI commands.
- Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
Install the Patch
Note: This patch should be installed on all nodes running in your environment.
1. Before you begin, confirm you have the following:
- Zimbra Collaboration 8.6.0 GA installed
- Zimbra Collaboration 8.6.0 Patch10 TGZ file
2. Copy the patch.tgz file(s) to your server.
3. Install Zimbra Collaboration 8.6.0 Patch10
- a. Log in as root and cd to the directory where the tar file is saved. Type
tar xzf zcs-patch-8.6.0_GA_XXX.tgz cd zcs-patch-8.6.0_GA_XX
- b. As root, install the patch. Type
./installPatch.sh
- c. Switch to user zimbra
su – zimbra
- d. ZCS must be restarted to changes to take effect. Type
zmcontrol restart
Note: For users who have the web-client open and are running the FOSS edition, the refresh notice mightstate that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.
Try Zimbra
Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »
Want to get involved?
You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »
Other Help Resources
Visit the User Help Page »
Visit the Official Forums »
Zimbra Documentation Page »
Looking for a Video?
Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »