Zimbra Releases/9.0.0/P24.1

Revision as of 15:50, 10 May 2022 by Dawood Shaikh (talk | contribs) (Created page with "{{WIP}} = Zimbra Collaboration Kepler 9.0.0 Patch 24.1 GA Release = Check out the '''Security Fixes''' for this version of Zimbra Collaboration. Please ref...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Zimbra Collaboration Kepler 9.0.0 Patch 24.1 GA Release

Check out the Security Fixes for this version of Zimbra Collaboration. Please refer to the Patch Installation section for Patch Installation instructions. As always, you are encouraged to tell us what you think in the Forums or open a support ticket to report issues.

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
Memcached poisoning with unauthenticated request. CVE-2022-27924 7.5 High 9.0.0 P24.1


Patch Installation

Please refer to the steps below to install 9.0.0 Patch 24.1 on Redhat and Ubuntu platforms:

Before Installing the Patch, consider the following:

  • Patches are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to zimbra user before using ZCS CLI commands.
  • Important! You cannot revert to the previous ZCS release after you upgrade to the patch.
  • Important! Please note that the install process has changed. Additional steps to install zimbra-common-core-jar, zimbra-common-core-libs, zimbra-mbox-store-libs packages have been included for this patch release. Please refer to the Patch Installation section to install the packages in its order.

9.0.0 Patch 24.1 Packages

The package lineup for this release is:

PackageName Version

zimbra-patch                               ->     9.0.0.1651876984.p24.1-2
zimbra-proxy-patch                         ->     9.0.0.1651844482.p24.1-1
zimbra-proxy-components                    ->     1.0.10-1zimbra8.8b1
zimbra-mta-patch                           ->     9.0.0.1651844482.p24.1-1
zimbra-mta-components                      ->     1.0.14-1zimbra8.8b1
zimbra-common-core-jar                     ->     9.0.0.1651868906-1
zimbra-nginx                               ->     1.20.0-1zimbra8.8b3
zimbra-httpd  				   ->     2.4.53-1zimbra8.7b3
zimbra-spell-components                    ->     2.0.8-1zimbra8.8b1
zimbra-apache-components 		   ->     2.0.7-1zimbra8.8b1
zimbra-lmdb-lib                            ->     2.4.59-1zimbra8.8b5
zimbra-lmdb-dbg                            ->     2.4.59-1zimbra8.8b5
zimbra-lmdb                                ->     2.4.59-1zimbra8.8b5
zimbra-openldap-lib		           ->	  2.4.59-1zimbra8.8b5
zimbra-openldap-client		           ->	  2.4.59-1zimbra8.8b5
zimbra-openldap-server                     ->     2.4.59-1zimbra8.8b4
zimbra-openjdk-cacerts			   ->	  1.0.8-1zimbra8.7b1
zimbra-ldap-components                     ->     2.0.4-1zimbra8.8b1
zimbra-core-components                     ->     3.0.10-1zimbra8.8b1
zimbra-clamav                              ->	  0.103.2-1zimbra8.8b3
zimbra-clamav-libs                         ->     0.103.2-1zimbra8.8b3
zimbra-openssl                             ->     1.1.1l-1zimbra8.7b4
zimbra-openssl-libs                        ->     1.1.1l-1zimbra8.7b4
zimbra-postfix-logwatch                    ->     1.40.03-1zimbra8.7b1
zimbra-timezone-data                       ->     3.0.0.1646993320-1
zimbra-mbox-store-libs                     ->     9.0.0.1647230016-1
zimbra-mbox-war                            ->     9.0.0.1647325909-1
zimbra-mbox-webclient-war                  ->     9.0.0.1647538190-1
zimbra-mbox-admin-console-war              ->     9.0.0.1641806303-1
zimbra-common-mbox-conf-attrs              ->     9.0.0.1602835824-1
zimbra-common-core-libs                    ->     9.0.0.1650522826-1
zimbra-mbox-ews-service     		   ->     9.0.0.1650522968-1
zimbra-zco                                 ->     9.0.0.1919.1647347914-1
zimbra-php                                 ->     7.4.27-1zimbra8.7b3
zimbra-modern-ui                           ->     4.22.0.1647849185-1
zimbra-modern-zimlets                      ->     4.22.0.1647849185-1
zimbra-network-modules-ng                  ->     7.0.24.1646915366-1
zimbra-drive-ng                            ->     4.0.13.1637855796-1
zimbra-drive-modern                        ->     1.0.13.1637855796-1
zimbra-connect                             ->     2.0.21.1635424388-1
zimbra-connect-modern                      ->     1.0.21.1635424388-1
zimbra-docs                                ->     4.0.6.1616090633-1
zimbra-docs-modern                         ->     1.0.6.1632998065-1
zimbra-chat                                ->     4.0.1.1594306412-1
zimbra-zimlet-auth                         ->     1.0.2.1622463729-1
zimbra-zimlet-install-pwa                  ->     6.0.0.1647851139-1
zimbra-zimlet-emptysubject		   ->     2.0.0.1647851139-1
zimbra-zimlet-set-default-client           ->     8.0.0.1647851139-1
zimbra-zimlet-document-editor              ->     6.0.1.1631795284-1
zimbra-zimlet-date                         ->     6.0.0.1647851139-1
zimbra-zimlet-additional-signature-setting ->     6.0.0.1647851139-1
zimbra-zimlet-calendar-subscription        ->     6.0.0.1647851139-1
zimbra-zimlet-sideloader                   ->     7.0.0.1647851139-1
zimbra-zimlet-briefcase-edit-lool          ->     2.0.0.1647851139-1
zimbra-zimlet-org-chart                    ->     2.0.0.1647851139-1
zimbra-zimlet-zulip-chat                   ->     7.0.1.1631795284-1
zimbra-zimlet-ads                          ->     8.0.0.1647851139-1
zimbra-zimlet-user-sessions-management	   ->	  8.0.0.1647851139-1
zimbra-zimlet-user-feedback                ->     6.0.0.1647851139-1
zimbra-zimlet-privacy-protector            ->     4.0.0.1647851139-1
zimbra-zimlet-duplicate-contacts           ->     5.0.0.1647851139-1
zimbra-zimlet-secure-mail		   ->	  1.0.0.1647851139-1
zimbra-zimlet-web-search		   ->	  4.0.0.1647851139-1
zimbra-zimlet-restore-contacts             ->     6.0.0.1647851139-1
zimbra-zimlet-zoom                         ->     7.0.0.1621610655-1
zimbra-zimlet-slack                        ->     5.5.0.1621610655-1
zimbra-zimlet-dropbox                      ->     6.0.0.1621610655-1
zimbra-zimlet-onedrive                     ->     6.0.0.1621610655-1
zimbra-zimlet-google-drive                 ->     6.0.0.1621610655-1
zimbra-zimlet-jitsi                        ->     3.3.1.1621610655-1
zimbra-zimlet-video-call-preferences       ->     2.1.0.1621610655-1
zimbra-zimlet-nextcloud                    ->     1.0.7.1641799022-1
zimbra-zimlet-webex	                   ->     1.0.1.1629957793-1
zimbra-zimlet-voice-message                ->     1.0.3.1611114827-1
zimbra-zimlet-classic-unsupportedbrowser   ->     3.0.0.1647851139-1
zimbra-zimlet-email-templates              ->     2.0.0.1630308426-1
zimbra-zimlet-signature-template           ->     1.0.0.1609841753-1

Redhat

Installing Zimbra packages with system package upgrades

  • As root, first clear the yum cache and check for updates so the server sees there is a new zimbra-patch package in the patch repository:
yum clean metadata
yum check-update
  • On mailstore node, install the following packages:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
  • Then ask yum to update available packages:
yum update
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing Zimbra packages individually

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
yum install zimbra-ldap-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade snmp if it is installed on Proxy node

yum install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, first clear the yum cache and check for updates so the server sees all updated packages in the patch repository:
yum clean metadata
yum check-update
  • Then install the package:
yum install zimbra-mta-components
  • If dnscache is installed, upgrade the package before restarting the services:
yum install zimbra-dnscache-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install the package:
yum install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, install the package:
yum install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
yum install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
yum install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
yum install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
yum install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages

Uninstall zimbra-talk on mailstore node

In case of upgrade from version 8.8.15, uninstall zimbra-talk from mailstore node since it replaces with zimbra-connect. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
yum remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs and zimbra-drive-ng on mailstore node

yum install zimbra-network-modules-ng
yum install zimbra-connect
yum install zimbra-zimlet-auth
yum install zimbra-docs
yum install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Zimbra Additional Zimlets

Note: - You can install the packages of your choice from the below list.

Install/Upgrade zimbra-zimlet-slack, zimbra-zimlet-zoom, zimbra-zimlet-dropbox, zimbra-zimlet-google-drive, zimbra-zimlet-onedrive, zimbra-zimlet-jitsi, zimbra-zimlet-video-call-preferences, zimbra-zimlet-nextcloud, zimbra-zimlet-voice-message, zimbra-zimlet-sideloader, zimbra-zimlet-user-sessions-management on mailstore node

yum install zimbra-zimlet-slack
yum install zimbra-zimlet-zoom
yum install zimbra-zimlet-dropbox
yum install zimbra-zimlet-google-drive
yum install zimbra-zimlet-onedrive
yum install zimbra-zimlet-jitsi
yum install zimbra-zimlet-video-call-preferences
yum install zimbra-zimlet-nextcloud
yum install zimbra-zimlet-voice-message
yum install zimbra-zimlet-sideloader
yum install zimbra-zimlet-user-sessions-management
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Ubuntu

Installing zimbra packages with system package upgrades

  • As root, check for updates so the server checks there is a new zimbra-patch package in the patch repository:
apt-get update
  • On mailstore node, install the following packages:
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
  • Then update available packages:
apt-get upgrade
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Installing zimbra packages individually

Upgrade OpenLDAP on LDAP node

  • As root, install the package:
apt-get install zimbra-ldap-patch
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart

Install/Upgrade zimbra-proxy-patch on Proxy node

  • As root, install package
apt-get install zimbra-proxy-patch
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart
zmmemcachedctl restart

Install/Upgrade snmp if it is installed on Proxy node

apt-get install zimbra-snmp-components
  • Restart proxy as zimbra user:
su - zimbra
zmproxyctl restart

Install/Upgrade zimbra-mta-components on MTA node

  • As root, install package
apt-get install zimbra-mta-components
  • If dnscache is installed, upgrade the package before restarting the services:
apt-get install zimbra-dnscache-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-mta-patch on MTA node

  • As root, install package
apt-get install zimbra-mta-patch
  • Restart amavisd as zimbra user:
su - zimbra
zmamavisdctl restart

Install/Upgrade zimbra-patch on mailstore node

  • As root, check for updates and install package:
apt-get update
apt-get install zimbra-common-core-jar zimbra-common-core-libs zimbra-mbox-store-libs
apt-get install zimbra-patch
  • If apache is installed, upgrade the package before restarting the services:
apt-get install zimbra-apache-components
  • If spell is installed, upgrade the package before restarting the services:
apt-get install zimbra-spell-components
  • If snmp is installed, upgrade the package before restarting the services:
apt-get install zimbra-snmp-components
  • Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart


Installing NG packages

Uninstall zimbra-talk on mailstore node

In case of upgrade from version 8.8.15, uninstall zimbra-talk from mailstore node since it replaces with zimbra-connect. Hence, it is important to remove zimbra-talk before installing zimbra-connect.

  • As root, uninstall the package zimbra-talk:
apt-get remove zimbra-talk

Install/Upgrade zimbra-network-modules-ng, zimbra-connect, zimbra-zimlet-auth, zimbra-docs, zimbra-drive-ng on mailstore node

  • As root, check for updates and install packages:
apt-get update
apt-get install zimbra-network-modules-ng
apt-get install zimbra-connect
apt-get install zimbra-zimlet-auth
apt-get install zimbra-docs
apt-get install zimbra-drive-ng
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart


Zimbra Additional Zimlets

Note: - You can install the packages of your choice from the below list.

Install/Upgrade zimbra-zimlet-slack, zimbra-zimlet-zoom, zimbra-zimlet-dropbox, zimbra-zimlet-google-drive, zimbra-zimlet-onedrive, zimbra-zimlet-jitsi, zimbra-zimlet-video-call-preferences, zimbra-zimlet-nextcloud, zimbra-zimlet-voice-message, zimbra-zimlet-sideloader, zimbra-zimlet-user-sessions-management on mailstore node

apt-get install zimbra-zimlet-slack
apt-get install zimbra-zimlet-zoom
apt-get install zimbra-zimlet-dropbox
apt-get install zimbra-zimlet-google-drive
apt-get install zimbra-zimlet-onedrive
apt-get install zimbra-zimlet-jitsi
apt-get install zimbra-zimlet-video-call-preferences
apt-get install zimbra-zimlet-nextcloud
apt-get install zimbra-zimlet-voice-message
apt-get install zimbra-zimlet-sideloader
apt-get install zimbra-zimlet-user-sessions-management
  • Restart Zimbra mailbox service as zimbra user:
su - zimbra
zmmailboxdctl restart

Upgraded 3rd Party Packages

  • OpenSSL and Postfix TLS 1.3 Packages

The packages for RHEL6, RHEL7, UBUNTU14, UBUNTU16, UBUNTU18 are:

Package Name      Version
zimbra-openssl : 1.1.1l-1zimbra8.7b4
zimbra-postfix : 3.6.1-1zimbra8.7b3
zimbra-nginx : 1.20.0-1zimbra8.8b2
zimbra-mariadb : 10.1.25-1zimbra8.7b3
zimbra-heimdal : 1.5.3-1zimbra8.7b3
zimbra-curl : 7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2
zimbra-unbound : 1.11.0-1zimbra8.7b2
zimbra-apr-util : 1.6.1-1zimbra8.7b2
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4
zimbra-net-snmp : 5.8-1zimbra8.7b2
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3
zimbra-openldap : 2.4.49-1zimbra8.8b4
zimbra-opendkim : 2.10.3-1zimbra8.7b5
zimbra-clamav : 0.103.2-1zimbra8.8b3
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b2
zimbra-perl-net-http : 6.09-1zimbra8.7b3
zimbra-perl-libwww : 6.13-1zimbra8.7b3
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b3
zimbra-perl-xml-parser : 2.44-1zimbra8.7b3
zimbra-perl-soap-lite : 1.19-1zimbra8.7b3
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b3
zimbra-perl-xml-simple : 2.25-1zimbra8.7b2
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5
zimbra-perl-innotop : 1.9.1-1zimbra8.7b3
zimbra-httpd : 2.4.53-1zimbra8.7b3
zimbra-php : 7.4.27-1zimbra8.7b3
zimbra-aspell-ca : 2.1.5.1-1zimbra8.8b1
zimbra-postfix-logwatch : 1.40.03-1zimbra8.7b1
zimbra-perl : 1.0.5-1zimbra8.7b1
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1
zimbra-apache-components : 2.0.7-1zimbra8.8b1
zimbra-spell-components : 2.0.8-1zimbra8.8b1
zimbra-snmp-components : 1.0.3-1zimbra8.7b1
zimbra-mta-components : 1.0.14-1zimbra8.8b1
zimbra-core-components : 3.0.10-1zimbra8.8b1
zimbra-proxy-components : 1.0.9-1zimbra8.8b1
zimbra-store-components : 1.0.3-1zimbra8.7b1
zimbra-ldap-components : 2.0.4-1zimbra8.8b1
  • OpenSSL and Postfix TLS 1.3 Packages

The GA packages for RHEL8 and UBUNTU20 are:

Package Name      Version
zimbra-openssl : 1.1.1l-1zimbra8.7b4
zimbra-postfix : 3.6.1-1zimbra8.7b3
zimbra-nginx : 1.20.0-1zimbra8.8b2
zimbra-mariadb : 10.1.25-1zimbra8.7b3
zimbra-heimdal : 1.5.3-1zimbra8.7b3
zimbra-curl : 7.49.1-1zimbra8.7b3
zimbra-perl-net-ssleay : 1.88-1zimbra8.7b2
zimbra-unbound : 1.11.0-1zimbra8.7b2
zimbra-apr-util : 1.6.1-1zimbra8.7b2
zimbra-perl-dbd-mysql : 4.050-1zimbra8.7b4
zimbra-net-snmp : 5.8-1zimbra8.7b3
zimbra-perl-crypt-openssl-random : 0.11-1zimbra8.7b3
zimbra-perl-crypt-openssl-rsa : 0.31-1zimbra8.7b2
zimbra-cyrus-sasl : 2.1.26-1zimbra8.7b3
zimbra-openldap : 2.4.49-1zimbra8.8b4
zimbra-opendkim : 2.10.3-1zimbra8.7b5
zimbra-clamav : 0.103.2-1zimbra8.8b3
zimbra-perl-io-socket-ssl : 2.068-1zimbra8.7b3
zimbra-perl-net-http : 6.09-1zimbra8.7b4
zimbra-perl-libwww : 6.13-1zimbra8.7b4
zimbra-perl-lwp-protocol-https : 6.06-1zimbra8.7b4
zimbra-perl-xml-parser : 2.44-1zimbra8.7b4
zimbra-perl-soap-lite : 1.19-1zimbra8.7b4
zimbra-perl-xml-sax-expat : 0.51-1zimbra8.7b4
zimbra-perl-xml-simple : 2.25-1zimbra8.7b3
zimbra-perl-mail-dkim : 0.40-1zimbra8.7b3
zimbra-perl-mail-spamassassin : 3.4.5-1zimbra8.8b4
zimbra-spamassassin-rules : 1.0.0-1zimbra8.8b5
zimbra-perl-innotop : 1.9.1-1zimbra8.7b4
zimbra-httpd : 2.4.53-1zimbra8.7b3
zimbra-php : 7.4.27-1zimbra8.7b3
zimbra-perl : 1.0.6-1zimbra8.7b1
zimbra-dnscache-components : 1.0.2-1zimbra8.7b1
zimbra-apache-components : 2.0.7-1zimbra8.8b1
zimbra-spell-components : 2.0.9-1zimbra8.8b1
zimbra-snmp-components : 1.0.3-1zimbra8.7b1
zimbra-mta-components : 1.0.14-1zimbra8.8b1
zimbra-core-components : 3.0.10-1zimbra8.8b1
zimbra-proxy-components : 1.0.9-1zimbra8.8b1
zimbra-store-components : 1.0.3-1zimbra8.7b1
zimbra-ldap-components : 2.0.4-1zimbra8.8b1
zimbra-mbox-store-libs : 9.0.0.1615887345-1

The updated GA packages are:

Package            Old-Version    New-Version
postfix              3.5.6          3.6.1
openssl              1.1.1k         1.1.1l
openldap             2.4.49         2.4.59
nginx                1.19.0         1.20.0
postfix-logwatch     1.40.01        1.40.03
io-socket-ssl	     2.020          2.068
xml-simple           2.20           2.25
crypt-openssl-rsa    0.28           0.31
net-snmp             5.7.3          5.8
dbd-mysql            4.033          4.050
apr-util             1.5.4          1.6.1
unbound              1.5.9          1.11.0
net-ssleay           1.72           1.88
PHP                  7.3.25         7.4.27
httpd                2.4.51         2.4.53
  • Nginx TLS 1.3 Packages

The GA packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18, UBUNTU20 are:

PackageName                                       Version
zimbra-nginx                               ->     1.20.0-1zimbra8.8b3
zimbra-proxy-patch                         ->     9.0.0.1651844482.p24.1-1
zimbra-proxy-components                    ->     1.0.10-1zimbra8.8b1

Jira Summary

Jira Tickets fixed in 9.0.0 Patch 24.1

ZBUG-2738 Create a hash of the key in Nginx instead of raw value
Jump to: navigation, search