Zimbra Releases/8.6 Patch 8: Difference between revisions

No edit summary
mNo edit summary
Line 41: Line 41:
Please refer to the [http://files.zimbra.com.s3.amazonaws.com/website/docs/8.6/ZCS_860_Patch7_ReleaseNotes.pdf Release Notes from ZCS 8.6 Patch 7] to know more about Fixed Issues in Patch 7 and below
Please refer to the [http://files.zimbra.com.s3.amazonaws.com/website/docs/8.6/ZCS_860_Patch7_ReleaseNotes.pdf Release Notes from ZCS 8.6 Patch 7] to know more about Fixed Issues in Patch 7 and below
=Security Fixes=
=Security Fixes=
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the [https://wiki.zimbra.com/wiki/Zimbra_Security_Response_Policy Zimbra Security Response Policy] and the [https://wiki.zimbra.com/wiki/Zimbra_Vulnerability_Rating_ClassificationZimbra Vulnerability Rating] Classification information below for details.
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the [https://wiki.zimbra.com/wiki/Zimbra_Security_Response_Policy Zimbra Security Response Policy] and the [https://wiki.zimbra.com/wiki/Zimbra_Vulnerability_Rating_Classification Zimbra Vulnerability Rating] Classification information below for details.
<div class="col-md-12">
<div class="col-md-12">
     <table class="table table-striped table-condensed">
     <table class="table table-striped table-condensed">
Line 51: Line 51:
<th style="text-align: center; background-color: #f15922;">Zimbra<br>Rating<span style="color: #ffffff;"></span></th>
<th style="text-align: center; background-color: #f15922;">Zimbra<br>Rating<span style="color: #ffffff;"></span></th>
<th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix&nbsp;Release&nbsp;or <br>Patch&nbsp;Version</span></th>
<th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix&nbsp;Release&nbsp;or <br>Patch&nbsp;Version</span></th>
<th style="background-color: #f15922;"><span style="color: #ffffff;">Reporter</span></th>
</tr>
</tr>
<tr>
<tr>
Line 61: Line 60:
<td>Minor</td>
<td>Minor</td>
<td>8.6 P8, 8.7.0</td>
<td>8.6 P8, 8.7.0</td>
<td>Zimbra</td>
 
</tr>
</tr>
<tr>
<tr>
Line 70: Line 69:
<td>Major</td>
<td>Major</td>
<td>8.6 P8, 8.7.0</td>
<td>8.6 P8, 8.7.0</td>
<td>Sysdream</td>
 
</tr>
<tr>
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103959 103959]</td>
<td>CSRF [http://cwe.mitre.org/data/definitions/352.html CWE-352]</td>
<td>CVE-2016-3404</td>
<td style="text-align: center;">[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td>
<td style="text-align: center;">Minor</td>
<td>8.6 P8, 8.7.0</td>
</tr>
<tr>
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103961 103961]<br/>[https://bugzilla.zimbra.com/show_bug.cgi?id=104828 104828]</td>
<td>CSRF [http://cwe.mitre.org/data/definitions/352.html CWE-352]</td>
<td>CVE-2016-3405</td>
<td style="text-align: center;">[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td>
<td style="text-align: center;">Minor</td>
<td>8.6 P8, 8.7.0</td>
</tr>
</tr>
</table>
</table>

Revision as of 15:35, 2 February 2017

Zimbra Collaboration 8.6 Patch 8 GA Release

Check out "What’s New" and "Known Issues" for this version of Zimbra Collaboration below. As always, you’re encouraged to tell us what you think in the Forums, or file a bug in Bugzilla.
If interested, please see the complete list of changes in this release in the next Table or click here to see the Bugzilla Report. »


Fixed Issues

ZCS 8.6.0 Patch8

Fixed Issues

Admin - Console
100899 CSRF - Admin Console [CWE-352]
104294 CSRF - Client uploader extension [CWE-352]
104456 extension REST handlers are not protected by CSRF [CWE-352]
68445 After session timeout, username field appears disabled so user cannot sign back in Admin Console
Backup/Restore
103497 [RSYNC Failure] Implement mailbox unlocking for Flush Cache
EWS - Server
101746 Outlook 2016: Auto Sync not working for Outook 2016
Other - Server
104236 All file uploads are broken in Admin UI (zimlet, certificate, migration wizard, license) because FileUploadServlet no longer supports csrfToken specified in multipart body
105029 Soap servlet should log CSRF related error at INFO level

Please refer to the Release Notes from ZCS 8.6 Patch 7 to know more about Fixed Issues in Patch 7 and below

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.

Bug# Summary CVE-ID CVSS
Score
Zimbra
Rating
Fix Release or
Patch Version
104294
104456
CSRF CWE-352 CVE-2016-3406 2.6 Minor 8.6 P8, 8.7.0
100885
100899
CSRF CWE-352 CVE-2015-6542
CVE-2016-3403
5.8 Major 8.6 P8, 8.7.0
103959 CSRF CWE-352 CVE-2016-3404 4.3 Minor 8.6 P8, 8.7.0
103961
104828
CSRF CWE-352 CVE-2016-3405 4.3 Minor 8.6 P8, 8.7.0

Please refer to the Release Notes from ZCS 8.6 Patch 7 to know more about Security in Patch 7 and below

Before Installing the Patch

Before installing the patch, consider the following:

  • Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbracollaboration
  • Patches are cumulative, and delivered as a TGZ file.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to user zimbra before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.

Install the Patch

Note: This patch should be installed on all nodes running in your environment. 1. Before you begin, confirm you have the following:

  • Zimbra Collaboration 8.6.0 GA installed
  • Zimbra Collaboration 8.6.0 Patch8 TGZ file

2. Copy the patch.tgz file(s) to your server. 3. Install Zimbra Collaboration 8.6.0 Patch8

  • a. Log in as root and cd to the directory where the tar file is saved. Type
tar xzf zcs-patch-8.6.0_GA_XXX.tgz
cd zcs-patch-8.6.0_GA_XX
  • b. As root, install the patch. Type
./installPatch.sh
  • c. Switch to user zimbra
su – zimbra
  • d. ZCS must be restarted to changes to take effect. Type
zmcontrol restart

Note: For users who have the web-client open and are running the FOSS edition, the refresh notice mightstate that you have changed to the NETWORK Edition; however, your feature set will remain FOSS only.

Information about ZCS Patch 7 and below

Please refer to the Release Notes from ZCS 8.6 Patch 7 to know more about Known Issues and Security fixes in Patch 7 and below Grab your Zimbra Collaboration Patch 8 from our Downloads section - https://www.zimbra.com/downloads/



Try Zimbra

Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »

Want to get involved?

You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »


Jump to: navigation, search