Zimbra Releases/9.0.0/P24.1: Difference between revisions
(Created page with "{{WIP}} = Zimbra Collaboration Kepler 9.0.0 Patch 24.1 GA Release = Check out the '''Security Fixes''' for this version of Zimbra Collaboration. Please ref...") |
No edit summary |
||
Line 1: | Line 1: | ||
= Zimbra Collaboration Kepler 9.0.0 Patch 24.1 GA Release = | = Zimbra Collaboration Kepler 9.0.0 Patch 24.1 GA Release = | ||
Check out the '''[[#Security Fixes|Security Fixes]]''' for this version of Zimbra Collaboration. | Check out the '''[[#Security Fixes|Security Fixes]]''' for this version of Zimbra Collaboration. |
Latest revision as of 18:07, 10 May 2022
Zimbra Collaboration Kepler 9.0.0 Patch 24.1 GA Release
Check out the Security Fixes for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.
Security Fixes
Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Patch Version |
---|---|---|---|---|
Memcached poisoning with unauthenticated request. | CVE-2022-27924 | 7.5 | High | 9.0.0 P24.1 |
Patch Installation
Please refer to the steps below to install 9.0.0 Patch 24.1 on Redhat and Ubuntu platforms:
Before Installing the Patch, consider the following:
- Patches are cumulative.
- A full backup should be performed before any patch is applied. There is no automated roll-back.
- Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
- Only files or Zimlets associated with installed packages will be installed from the patch.
- Switch to
zimbra
user before using ZCS CLI commands. - Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
- Important! Please note that the install process has changed. Additional steps to install zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages have been included for this patch release. Please refer to the Patch Installation section to install the packages in its order.
9.0.0 Patch 24.1 Packages
The package lineup for this release is:
PackageName Version
zimbra-patch -> 9.0.0.1651876984.p24.1-2 zimbra-proxy-patch -> 9.0.0.1651844482.p24.1-1 zimbra-proxy-components -> 1.0.10-1zimbra8.8b1 zimbra-mta-patch -> 9.0.0.1651844482.p24.1-1 zimbra-mta-components -> 1.0.14-1zimbra8.8b1 zimbra-common-core-jar -> 9.0.0.1651868906-1 zimbra-nginx -> 1.20.0-1zimbra8.8b3 zimbra-httpd -> 2.4.53-1zimbra8.7b3 zimbra-spell-components -> 2.0.8-1zimbra8.8b1 zimbra-apache-components -> 2.0.7-1zimbra8.8b1 zimbra-lmdb-lib -> 2.4.59-1zimbra8.8b5 zimbra-lmdb-dbg -> 2.4.59-1zimbra8.8b5 zimbra-lmdb -> 2.4.59-1zimbra8.8b5 zimbra-openldap-lib -> 2.4.59-1zimbra8.8b5 zimbra-openldap-client -> 2.4.59-1zimbra8.8b5 zimbra-openldap-server -> 2.4.59-1zimbra8.8b4 zimbra-openjdk-cacerts -> 1.0.8-1zimbra8.7b1 zimbra-ldap-components -> 2.0.4-1zimbra8.8b1 zimbra-core-components -> 3.0.10-1zimbra8.8b1 zimbra-clamav -> 0.103.2-1zimbra8.8b3 zimbra-clamav-libs -> 0.103.2-1zimbra8.8b3 zimbra-openssl -> 1.1.1l-1zimbra8.7b4 zimbra-openssl-libs -> 1.1.1l-1zimbra8.7b4 zimbra-postfix-logwatch -> 1.40.03-1zimbra8.7b1 zimbra-timezone-data -> 3.0.0.1646993320-1 zimbra-mbox-store-libs -> 9.0.0.1647230016-1 zimbra-mbox-war -> 9.0.0.1647325909-1 zimbra-mbox-webclient-war -> 9.0.0.1647538190-1 zimbra-mbox-admin-console-war -> 9.0.0.1641806303-1 zimbra-common-mbox-conf-attrs -> 9.0.0.1602835824-1 zimbra-common-core-libs -> 9.0.0.1650522826-1 zimbra-mbox-ews-service -> 9.0.0.1650522968-1 zimbra-zco -> 9.0.0.1919.1647347914-1 zimbra-php -> 7.4.27-1zimbra8.7b3 zimbra-modern-ui -> 4.22.0.1647849185-1 zimbra-modern-zimlets -> 4.22.0.1647849185-1 zimbra-network-modules-ng -> 7.0.24.1646915366-1 zimbra-drive-ng -> 4.0.13.1637855796-1 zimbra-drive-modern -> 1.0.13.1637855796-1 zimbra-connect -> 2.0.21.1635424388-1 zimbra-connect-modern -> 1.0.21.1635424388-1 zimbra-docs -> 4.0.6.1616090633-1 zimbra-docs-modern -> 1.0.6.1632998065-1 zimbra-chat -> 4.0.1.1594306412-1 zimbra-zimlet-auth -> 1.0.2.1622463729-1 zimbra-zimlet-install-pwa -> 6.0.0.1647851139-1 zimbra-zimlet-emptysubject -> 2.0.0.1647851139-1 zimbra-zimlet-set-default-client -> 8.0.0.1647851139-1 zimbra-zimlet-document-editor -> 6.0.1.1631795284-1 zimbra-zimlet-date -> 6.0.0.1647851139-1 zimbra-zimlet-additional-signature-setting -> 6.0.0.1647851139-1 zimbra-zimlet-calendar-subscription -> 6.0.0.1647851139-1 zimbra-zimlet-sideloader -> 7.0.0.1647851139-1 zimbra-zimlet-briefcase-edit-lool -> 2.0.0.1647851139-1 zimbra-zimlet-org-chart -> 2.0.0.1647851139-1 zimbra-zimlet-zulip-chat -> 7.0.1.1631795284-1 zimbra-zimlet-ads -> 8.0.0.1647851139-1 zimbra-zimlet-user-sessions-management -> 8.0.0.1647851139-1 zimbra-zimlet-user-feedback -> 6.0.0.1647851139-1 zimbra-zimlet-privacy-protector -> 4.0.0.1647851139-1 zimbra-zimlet-duplicate-contacts -> 5.0.0.1647851139-1 zimbra-zimlet-secure-mail -> 1.0.0.1647851139-1 zimbra-zimlet-web-search -> 4.0.0.1647851139-1 zimbra-zimlet-restore-contacts -> 6.0.0.1647851139-1 zimbra-zimlet-zoom -> 7.0.0.1621610655-1 zimbra-zimlet-slack -> 5.5.0.1621610655-1 zimbra-zimlet-dropbox -> 6.0.0.1621610655-1 zimbra-zimlet-onedrive -> 6.0.0.1621610655-1 zimbra-zimlet-google-drive -> 6.0.0.1621610655-1 zimbra-zimlet-jitsi -> 3.3.1.1621610655-1 zimbra-zimlet-video-call-preferences -> 2.1.0.1621610655-1 zimbra-zimlet-nextcloud -> 1.0.7.1641799022-1 zimbra-zimlet-webex -> 1.0.1.1629957793-1 zimbra-zimlet-voice-message -> 1.0.3.1611114827-1 zimbra-zimlet-classic-unsupportedbrowser -> 3.0.0.1647851139-1 zimbra-zimlet-email-templates -> 2.0.0.1630308426-1 zimbra-zimlet-signature-template -> 1.0.0.1609841753-1
Redhat
Installing Zimbra packages with system package upgrades
- As
root
, first clear the yum cache and check for updates so the server sees there is a newzimbra-patch
package in the patch repository:
yum clean metadata yum check-update
- On mailstore node, install the following packages:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
- Then ask yum to update available packages:
yum update
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Installing Zimbra packages individually
Upgrade OpenLDAP on LDAP node
- As
root
, install the package:
yum install zimbra-ldap-patch
- Restart
ZCS
aszimbra
user:
su - zimbra zmcontrol restart
Install/Upgrade zimbra-proxy-patch
on Proxy node
- As
root
, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata yum check-update
- Then install the package:
yum install zimbra-proxy-patch
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart zmmemcachedctl restart
Install/Upgrade snmp
if it is installed on Proxy node
yum install zimbra-snmp-components
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart
Install/Upgrade zimbra-mta-components
on MTA node
- As
root
, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata yum check-update
- Then install the package:
yum install zimbra-mta-components
- If
dnscache
is installed, upgrade the package before restarting the services:
yum install zimbra-dnscache-components
- If
snmp
is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-mta-patch
on MTA node
- As
root
, install the package:
yum install zimbra-mta-patch
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-patch
on mailstore node
- As
root
, install the package:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs yum install zimbra-patch
- If
apache
is installed, upgrade the package before restarting the services:
yum install zimbra-apache-components
- If
spell
is installed, upgrade the package before restarting the services:
yum install zimbra-spell-components
- If
snmp
is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Installing NG packages
Uninstall zimbra-talk
on mailstore node
In case of upgrade from version 8.8.15, uninstall zimbra-talk from mailstore node since it replaces with zimbra-connect. Hence, it is important to remove zimbra-talk
before installing zimbra-connect
.
- As
root
, uninstall the packagezimbra-talk
:
yum remove zimbra-talk
Install/Upgrade zimbra-network-modules-ng
, zimbra-connect
, zimbra-zimlet-auth
, zimbra-docs
and zimbra-drive-ng
on mailstore node
yum install zimbra-network-modules-ng yum install zimbra-connect yum install zimbra-zimlet-auth yum install zimbra-docs yum install zimbra-drive-ng
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Zimbra Additional Zimlets
Note: - You can install the packages of your choice from the below list.
Install/Upgrade zimbra-zimlet-slack
, zimbra-zimlet-zoom
, zimbra-zimlet-dropbox
, zimbra-zimlet-google-drive
, zimbra-zimlet-onedrive
, zimbra-zimlet-jitsi
, zimbra-zimlet-video-call-preferences
, zimbra-zimlet-nextcloud
, zimbra-zimlet-voice-message
, zimbra-zimlet-sideloader
, zimbra-zimlet-user-sessions-management
on mailstore node
yum install zimbra-zimlet-slack yum install zimbra-zimlet-zoom yum install zimbra-zimlet-dropbox yum install zimbra-zimlet-google-drive yum install zimbra-zimlet-onedrive yum install zimbra-zimlet-jitsi yum install zimbra-zimlet-video-call-preferences yum install zimbra-zimlet-nextcloud yum install zimbra-zimlet-voice-message yum install zimbra-zimlet-sideloader yum install zimbra-zimlet-user-sessions-management
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Ubuntu
Installing zimbra packages with system package upgrades
- As
root
, check for updates so the server checks there is a newzimbra-patch
package in the patch repository:
apt-get update
- On mailstore node, install the following packages:
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
- Then update available packages:
apt-get upgrade
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Installing zimbra packages individually
Upgrade OpenLDAP on LDAP node
- As
root
, install the package:
apt-get install zimbra-ldap-patch
- Restart
ZCS
aszimbra
user:
su - zimbra zmcontrol restart
Install/Upgrade zimbra-proxy-patch
on Proxy node
- As
root
, install package
apt-get install zimbra-proxy-patch
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart zmmemcachedctl restart
Install/Upgrade snmp
if it is installed on Proxy node
apt-get install zimbra-snmp-components
- Restart proxy as
zimbra
user:
su - zimbra zmproxyctl restart
Install/Upgrade zimbra-mta-components
on MTA node
- As
root
, install package
apt-get install zimbra-mta-components
- If
dnscache
is installed, upgrade the package before restarting the services:
apt-get install zimbra-dnscache-components
- If
snmp
is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-mta-patch
on MTA node
- As
root
, install package
apt-get install zimbra-mta-patch
- Restart
amavisd
aszimbra
user:
su - zimbra zmamavisdctl restart
Install/Upgrade zimbra-patch
on mailstore node
- As
root
, check for updates and install package:
apt-get update apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs apt-get install zimbra-patch
- If
apache
is installed, upgrade the package before restarting the services:
apt-get install zimbra-apache-components
- If
spell
is installed, upgrade the package before restarting the services:
apt-get install zimbra-spell-components
- If
snmp
is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
- Restart ZCS as
zimbra
user:
su - zimbra zmcontrol restart
Installing NG packages
Uninstall zimbra-talk
on mailstore node
In case of upgrade from version 8.8.15, uninstall zimbra-talk from mailstore node since it replaces with zimbra-connect. Hence, it is important to remove zimbra-talk
before installing zimbra-connect
.
- As
root
, uninstall the packagezimbra-talk
:
apt-get remove zimbra-talk
Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs, zimbra-drive-ng on mailstore node
- As
root
, check for updates and install packages:
apt-get update apt-get install zimbra-network-modules-ng apt-get install zimbra-connect apt-get install zimbra-zimlet-auth apt-get install zimbra-docs apt-get install zimbra-drive-ng
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Zimbra Additional Zimlets
Note: - You can install the packages of your choice from the below list.
Install/Upgrade zimbra-zimlet-slack
, zimbra-zimlet-zoom
, zimbra-zimlet-dropbox
, zimbra-zimlet-google-drive
, zimbra-zimlet-onedrive
, zimbra-zimlet-jitsi
, zimbra-zimlet-video-call-preferences
, zimbra-zimlet-nextcloud
, zimbra-zimlet-voice-message
, zimbra-zimlet-sideloader
, zimbra-zimlet-user-sessions-management
on mailstore node
apt-get install zimbra-zimlet-slack apt-get install zimbra-zimlet-zoom apt-get install zimbra-zimlet-dropbox apt-get install zimbra-zimlet-google-drive apt-get install zimbra-zimlet-onedrive apt-get install zimbra-zimlet-jitsi apt-get install zimbra-zimlet-video-call-preferences apt-get install zimbra-zimlet-nextcloud apt-get install zimbra-zimlet-voice-message apt-get install zimbra-zimlet-sideloader apt-get install zimbra-zimlet-user-sessions-management
- Restart Zimbra mailbox service as
zimbra
user:
su - zimbra zmmailboxdctl restart
Upgraded 3rd Party Packages
- OpenSSL and Postfix TLS 1.3 Packages
The packages for RHEL6, RHEL7, UBUNTU14, UBUNTU16, UBUNTU18 are:
Package Name Version zimbra-openssl : 1.1.1l-1zimbra8.7b4 zimbra-postfix : 3.6.1-1zimbra8.7b3 zimbra-nginx : 1.20.0-1zimbra8.8b2 zimbra-mariadb : 10.1.25-1zimbra8.7b3 zimbra-heimdal : 1.5.3-1zimbra8.7b3 zimbra-curl : 7.49.1-1zimbra8.7b3 zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2 zimbra-unbound : 1.11.0-1zimbra8.7b2 zimbra-apr-util : 1.6.1-1zimbra8.7b2 zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4 zimbra-net-snmp : 5.8-1zimbra8.7b2 zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3 zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2 zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3 zimbra-openldap : 2.4.49-1zimbra8.8b4 zimbra-opendkim : 2.10.3-1zimbra8.7b5 zimbra-clamav : 0.103.2-1zimbra8.8b3 zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2 zimbra-perl-net-http : 6.09-1zimbra8.7b3 zimbra-perl-libwww : 6.13-1zimbra8.7b3 zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3 zimbra-perl-xml-parser : 2.44-1zimbra8.7b3 zimbra-perl-soap-lite : 1.19-1zimbra8.7b3 zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3 zimbra-perl-xml-simple : 2.25-1zimbra8.7b2 zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3 zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4 zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5 zimbra-perl-innotop : 1.9.1-1zimbra8.7b3 zimbra-httpd : 2.4.53-1zimbra8.7b3 zimbra-php : 7.4.27-1zimbra8.7b3 zimbra-aspell-ca : 2.1.5.1-1zimbra8.8b1 zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1 zimbra-perl : 1.0.5-1zimbra8.7b1 zimbra-dnscache-components : 1.0.2-1zimbra8.7b1 zimbra-apache-components : 2.0.7-1zimbra8.8b1 zimbra-spell-components : 2.0.8-1zimbra8.8b1 zimbra-snmp-components : 1.0.3-1zimbra8.7b1 zimbra-mta-components : 1.0.14-1zimbra8.8b1 zimbra-core-components : 3.0.10-1zimbra8.8b1 zimbra-proxy-components : 1.0.9-1zimbra8.8b1 zimbra-store-components : 1.0.3-1zimbra8.7b1 zimbra-ldap-components : 2.0.4-1zimbra8.8b1
- OpenSSL and Postfix TLS 1.3 Packages
The GA packages for RHEL8 and UBUNTU20 are:
Package Name Version zimbra-openssl : 1.1.1l-1zimbra8.7b4 zimbra-postfix : 3.6.1-1zimbra8.7b3 zimbra-nginx : 1.20.0-1zimbra8.8b2 zimbra-mariadb : 10.1.25-1zimbra8.7b3 zimbra-heimdal : 1.5.3-1zimbra8.7b3 zimbra-curl : 7.49.1-1zimbra8.7b3 zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2 zimbra-unbound : 1.11.0-1zimbra8.7b2 zimbra-apr-util : 1.6.1-1zimbra8.7b2 zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4 zimbra-net-snmp : 5.8-1zimbra8.7b3 zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3 zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2 zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3 zimbra-openldap : 2.4.49-1zimbra8.8b4 zimbra-opendkim : 2.10.3-1zimbra8.7b5 zimbra-clamav : 0.103.2-1zimbra8.8b3 zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3 zimbra-perl-net-http : 6.09-1zimbra8.7b4 zimbra-perl-libwww : 6.13-1zimbra8.7b4 zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4 zimbra-perl-xml-parser : 2.44-1zimbra8.7b4 zimbra-perl-soap-lite : 1.19-1zimbra8.7b4 zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4 zimbra-perl-xml-simple : 2.25-1zimbra8.7b3 zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3 zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4 zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5 zimbra-perl-innotop : 1.9.1-1zimbra8.7b4 zimbra-httpd : 2.4.53-1zimbra8.7b3 zimbra-php : 7.4.27-1zimbra8.7b3 zimbra-perl : 1.0.6-1zimbra8.7b1 zimbra-dnscache-components : 1.0.2-1zimbra8.7b1 zimbra-apache-components : 2.0.7-1zimbra8.8b1 zimbra-spell-components : 2.0.9-1zimbra8.8b1 zimbra-snmp-components : 1.0.3-1zimbra8.7b1 zimbra-mta-components : 1.0.14-1zimbra8.8b1 zimbra-core-components : 3.0.10-1zimbra8.8b1 zimbra-proxy-components : 1.0.9-1zimbra8.8b1 zimbra-store-components : 1.0.3-1zimbra8.7b1 zimbra-ldap-components : 2.0.4-1zimbra8.8b1 zimbra-mbox-store-libs : 9.0.0.1615887345-1
The updated GA packages are:
Package Old-Version New-Version postfix 3.5.6 3.6.1 openssl 1.1.1k 1.1.1l openldap 2.4.49 2.4.59 nginx 1.19.0 1.20.0 postfix-logwatch 1.40.01 1.40.03 io-socket-ssl 2.020 2.068 xml-simple 2.20 2.25 crypt-openssl-rsa 0.28 0.31 net-snmp 5.7.3 5.8 dbd-mysql 4.033 4.050 apr-util 1.5.4 1.6.1 unbound 1.5.9 1.11.0 net-ssleay 1.72 1.88 PHP 7.3.25 7.4.27 httpd 2.4.51 2.4.53
- Nginx TLS 1.3 Packages
The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18, UBUNTU20 are:
PackageName Version zimbra-nginx -> 1.20.0-1zimbra8.8b3 zimbra-proxy-patch -> 9.0.0.1651844482.p24.1-1 zimbra-proxy-components -> 1.0.10-1zimbra8.8b1
Jira Summary
Jira Tickets fixed in 9.0.0 Patch 24.1
ZBUG-2738 | Create a hash of the key in Nginx instead of raw value |