Zimbra Security Advisories: Difference between revisions
Revision as of 16:02, 11 December 2015
Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: http://www.zimbra.com/downloads/ne-downloads.html#latest_8_release
- Zimbra Collaboration - Open-Source Edition: http://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
(beginning with ZCS 7.1.3)
Bug Number | Summary | CVE ID | CVSS Score | Zimbra Rating Classification | Fix Release or Patch Version | Reporter |
91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | CVE-2014-0224 | 6.8 | Major | 8.0.3+Patch, 8.0.4+Patch, 8.0.5+Patch, 8.0.6+Patch, 8.0.7+Patch, 8.0.7+Patch | Upstream |
88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | CVE-2014-0160 | 5.0 | Major | 8.0.3+Patch, 8.0.4+Patch, 8.0.5+Patch, 8.0.6+Patch, 8.0.7+Patch, 8.0.7 (Patch: /support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx) | Upstream |
85499 | Upgrade to OpenSSL 1.0.1f | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450 | 4.3, 4.3, 5.8 | Major | 8.0.7 | Upstream |
84547 | Critical Vulnerability | CVE-2013-7217 | 10.0, 6.4 | Critical | 7.2.2_Patch3, 7.2.3_Patch, 7.2.4_Patch2, 7.2.5_Patch, 7.2.6, 8.0.3_Patch3, 8.0.4_Patch2, 8.0.5_Patch, 8.0.6 | Private |
85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
85000 | Patch nginx for CVE-2013-4547 | CVE-2013-4547 | 7.5 | Major | 7.2.7, 8.0.7 | Upstream |
80450, 80131, 80445, 80132 | Upgrade to JDK 1.6 u41; Upgrade OpenSSL to 1.0.0k; Upgrade to JDK 1.7u15+; Upgrade to OpenSSL 1.0.1d | CVE-2013-0169 | 2.6 | Minor | 7.2.3, 7.2.3, 8.0.3, 8.0.3 | Upstream |
80338 | Local file inclusion via skin/branding feature | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch, 7.1.1_Patch6, 7.1.3_Patch3, 7.2.2_Patch2, 7.2.3, 8.0.2_Patch, 8.0.3 | Private |
77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
75424 | Upgrade to Clamav 0.97.5 | CVE-2012-1457, CVE-2012-1458, CVE-2012-1459 | 4.3, 4.3, 4.3 | Minor | 7.2.1 | Upstream |
64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch, 7.1.4 | Private |