Zimbra Security Advisories: Difference between revisions

No edit summary
No edit summary
Line 38: Line 38:
<td>5.0</td>
<td>5.0</td>
<td>Major</td>
<td>Major</td>
<td>8.0.3+[/support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx Patch]<br /> 8.0.4+[/support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx Patch]<br /> 8.0.5+[/support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx Patch]<br /> 8.0.6+[/support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx Patch]<br /> 8.0.7+[/support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx Patch]<br /> 8.0.7</td>
<td>[https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.3+ Patch]<br /> [https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.4+ Patch]<br /> [https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.5+ Patch]<br /> [https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.6+ Patch]<br /> [https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.7+ Patch]<br /> 8.0.7</td>
<td>Upstream</td>
<td>Upstream</td>
</tr>
</tr>

Revision as of 16:23, 11 December 2015

Zimbra Security Advisories

Overview

The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:

Zimbra Collaboration - Security Vulnerability Advisories

(beginning with ZCS 7.1.3)

Bug Number Summary CVE ID CVSS Score Zimbra Rating Classification Fix Release or Patch Version Reporter
91484 Patch ZCS8 OpenSSL for CVE-2014-0224 CVE-2014-0224 6.8 Major 8.0.3+Patch
8.0.4+Patch
8.0.5+Patch
8.0.6+Patch
8.0.7+Patch
8.0.7+Patch
Upstream
88708 Patch ZCS8 OpenSSL for CVE-2014-0160 CVE-2014-0160 5.0 Major 8.0.3+ Patch
8.0.4+ Patch
8.0.5+ Patch
8.0.6+ Patch
8.0.7+ Patch
8.0.7
Upstream
85499 Upgrade to OpenSSL 1.0.1f CVE-2013-4353
CVE-2013-6449
CVE-2013-6450
4.3
4.3
5.8
Major 8.0.7 Upstream
84547 Critical Vulnerability CVE-2013-7217 10.0
6.4
Critical 7.2.2_Patch3
7.2.3_Patch
7.2.4_Patch2
7.2.5_Patch
7.2.6
8.0.3_Patch3
8.0.4_Patch2
8.0.5_Patch
8.0.6
Private
85478 XSS vulnerability in message view - 6.4 Major 8.0.7

Alban Diquet of iSEC Partners

85411 Local root privilege escalation - 6.2 Major 8.0.7 Matthew David
85000 Patch nginx for CVE-2013-4547 CVE-2013-4547 7.5 Major 7.2.7
8.0.7
Upstream
80450
80131
80445
80132
Upgrade to JDK 1.6 u41
Upgrade OpenSSL to 1.0.0k
Upgrade to JDK 1.7u15+
Upgrade to OpenSSL 1.0.1d
CVE-2013-0169 2.6 Minor 7.2.3
7.2.3
8.0.3
8.0.3
Upstream
80338 Local file inclusion via skin/branding feature CVE-2013-7091 5.0 Critical 6.0.16_Patch
7.1.1_Patch6
7.1.3_Patch3
7.2.2_Patch2
7.2.3
8.0.2_Patch
8.0.3
Private
77655 Separate keystore for CAs used for X509 authentication - 5.8 Major 8.0.7 Private
75424 Upgrade to Clamav 0.97.5 CVE-2012-1457
CVE-2012-1458
CVE-2012-1459
4.3
4.3
4.3
Minor 7.2.1 Upstream
64981 Do not allow HTTP GET for login - 6.8 Major 7.1.3_Patch
7.1.4
Private

Try Zimbra

Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »

Want to get involved?

You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »


Jump to: navigation, search