Zimbra Security Advisories: Difference between revisions
No edit summary |
m (minor cleanup, prefer https) |
||
Line 7: | Line 7: | ||
<p>The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:</p> | <p>The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:</p> | ||
<ul> | <ul> | ||
<li>Zimbra Collaboration - Network Edition: | <li>Zimbra Collaboration - Network Edition: https://www.zimbra.com/downloads/ne-downloads.html</li> | ||
<li>Zimbra Collaboration - Open-Source Edition: | <li>Zimbra Collaboration - Open-Source Edition: https://www.zimbra.com/downloads/os-downloads.html</li> | ||
</ul> | </ul> | ||
===Zimbra Collaboration - Security Vulnerability Advisories=== | ===Zimbra Collaboration - Security Vulnerability Advisories=== | ||
<p><span style="font-size: medium;"><em>( | <p><span style="font-size: medium;"><em>(going back to ZCS 7.1.3)</em></span></p> | ||
<div class="col-md-12"> | <div class="col-md-12"> | ||
<table class="table table-striped table-condensed"> | <table class="table table-striped table-condensed"> | ||
Line 26: | Line 26: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=91484 91484]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=91484 91484]</td> | ||
<td>Patch ZCS8 OpenSSL for CVE-2014-0224</td> | <td>Patch ZCS8 OpenSSL for CVE-2014-0224</td> | ||
<td>[https:// | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224 CVE-2014-0224]</td> | ||
<td>6.8</td> | <td>6.8</td> | ||
<td>Major</td> | <td>Major</td> | ||
Line 35: | Line 35: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=88708 88708]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=88708 88708]</td> | ||
<td>Patch ZCS8 OpenSSL for CVE-2014-0160</td> | <td>Patch ZCS8 OpenSSL for CVE-2014-0160</td> | ||
<td>[https:// | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160 CVE-2014-0160]</td> | ||
<td>5.0</td> | <td>5.0</td> | ||
<td>Major</td> | <td>Major</td> | ||
Line 44: | Line 44: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85499 85499]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85499 85499]</td> | ||
<td>Upgrade to OpenSSL 1.0.1f</td> | <td>Upgrade to OpenSSL 1.0.1f</td> | ||
<td>[ | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4353 CVE-2013-4353]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6449 CVE-2013-6449]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6450 CVE-2013-6450]</td> | ||
<td>4.3<br />4.3<br />5.8</td> | <td>4.3<br />4.3<br />5.8</td> | ||
<td>Major</td> | <td>Major</td> | ||
Line 53: | Line 53: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=84547 84547]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=84547 84547]</td> | ||
<td>Critical Vulnerability</td> | <td>Critical Vulnerability</td> | ||
<td>[ | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7217 CVE-2013-7217]</td> | ||
<td>10.0<br /> [ | <td>10.0<br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]</td> | ||
<td>Critical</td> | <td>Critical</td> | ||
<td>7.2.2_Patch3<br /> 7.2.3_Patch<br /> 7.2.4_Patch2<br /> 7.2.5_Patch<br /> 7.2.6<br /> 8.0.3_Patch3<br /> 8.0.4_Patch2<br /> 8.0.5_Patch<br /> 8.0.6</td> | <td>7.2.2_Patch3<br /> 7.2.3_Patch<br /> 7.2.4_Patch2<br /> 7.2.5_Patch<br /> 7.2.6<br /> 8.0.3_Patch3<br /> 8.0.4_Patch2<br /> 8.0.5_Patch<br /> 8.0.6</td> | ||
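Review bot: in the CVSS cell of the 84547 row, the plain 10.0 and the linked 6.4 (vector AV:N/AC:L/Au:N/C:P/I:P/A:N) sit side by side with no label saying which source each score comes from, and the Summary cell only reads "Critical Vulnerability". Suggest labelling the two scores, for example as the NVD score and the vendor-calculated score if that is what they are, so a reader can tell which one drives the Critical rating.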
Line 63: | Line 63: | ||
<td>XSS vulnerability in message view</td> | <td>XSS vulnerability in message view</td> | ||
<td>-</td> | <td>-</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.7</td> | <td>8.0.7</td> | ||
Line 74: | Line 74: | ||
<td>Local root privilege escalation</td> | <td>Local root privilege escalation</td> | ||
<td>-</td> | <td>-</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:L/AC:L/Au:S/C:C/I:C/A:N) 6.2]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.7</td> | <td>8.0.7</td> | ||
Line 82: | Line 82: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85000 85000]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85000 85000]</td> | ||
<td>Patch nginx for CVE-2013-4547</td> | <td>Patch nginx for CVE-2013-4547</td> | ||
<td>[ | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4547 CVE-2013-4547]</td> | ||
<td>7.5</td> | <td>7.5</td> | ||
<td>Major</td> | <td>Major</td> | ||
Line 91: | Line 91: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450]<br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131]<br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445]<br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450]<br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131]<br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445]<br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132]</td> | ||
<td>Upgrade to JDK 1.6 u41<br /> Upgrade OpenSSL to 1.0.0k<br /> Upgrade to JDK 1.7u15+<br /> Upgrade to OpenSSL 1.0.1d</td> | <td>Upgrade to JDK 1.6 u41<br /> Upgrade OpenSSL to 1.0.0k<br /> Upgrade to JDK 1.7u15+<br /> Upgrade to OpenSSL 1.0.1d</td> | ||
<td>[ | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169 CVE-2013-0169]</td> | ||
<td>2.6</td> | <td>2.6</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 100: | Line 100: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80338 80338]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80338 80338]</td> | ||
<td>Local file inclusion via skin/branding feature</td> | <td>Local file inclusion via skin/branding feature</td> | ||
<td>[https:// | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7091 CVE-2013-7091]</td> | ||
<td>5.0</td> | <td>5.0</td> | ||
<td>Critical</td> | <td>Critical</td> | ||
Line 110: | Line 110: | ||
<td>Separate keystore for CAs used for X509 authentication</td> | <td>Separate keystore for CAs used for X509 authentication</td> | ||
<td>-</td> | <td>-</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.7</td> | <td>8.0.7</td> | ||
Line 118: | Line 118: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=75424 75424]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=75424 75424]</td> | ||
<td>Upgrade to Clamav 0.97.5</td> | <td>Upgrade to Clamav 0.97.5</td> | ||
<td>[ | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1457 CVE-2012-1457]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1458 CVE-2012-1458]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1459 CVE-2012-1459]</td> | ||
<td>4.3<br />4.3<br />4.3</td> | <td>4.3<br />4.3<br />4.3</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
Line 128: | Line 128: | ||
<td>Do not allow HTTP GET for login</td> | <td>Do not allow HTTP GET for login</td> | ||
<td>-</td> | <td>-</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>7.1.3_Patch<br />7.1.4</td> | <td>7.1.3_Patch<br />7.1.4</td> |
Revision as of 18:27, 11 December 2015
Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: https://www.zimbra.com/downloads/ne-downloads.html
- Zimbra Collaboration - Open-Source Edition: https://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
(going back to ZCS 7.1.3)
Bug Number | Summary | CVE ID | CVSS Score | Zimbra Rating Classification | Fix Release or Patch Version | Reporter |
91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | CVE-2014-0224 | 6.8 | Major | 8.0.3+Patch, 8.0.4+Patch, 8.0.5+Patch, 8.0.6+Patch, 8.0.7+Patch, 8.0.7+Patch | Upstream |
88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | CVE-2014-0160 | 5.0 | Major | 8.0.3+ Patch, 8.0.4+ Patch, 8.0.5+ Patch, 8.0.6+ Patch, 8.0.7+ Patch, 8.0.7 | Upstream |
85499 | Upgrade to OpenSSL 1.0.1f | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450 | 4.3, 4.3, 5.8 | Major | 8.0.7 | Upstream |
84547 | Critical Vulnerability | CVE-2013-7217 | 10.0, 6.4 | Critical | 7.2.2_Patch3, 7.2.3_Patch, 7.2.4_Patch2, 7.2.5_Patch, 7.2.6, 8.0.3_Patch3, 8.0.4_Patch2, 8.0.5_Patch, 8.0.6 | Private |
85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
85000 | Patch nginx for CVE-2013-4547 | CVE-2013-4547 | 7.5 | Major | 7.2.7, 8.0.7 | Upstream |
80450, 80131, 80445, 80132 | Upgrade to JDK 1.6 u41, Upgrade OpenSSL to 1.0.0k, Upgrade to JDK 1.7u15+, Upgrade to OpenSSL 1.0.1d | CVE-2013-0169 | 2.6 | Minor | 7.2.3, 7.2.3, 8.0.3, 8.0.3 | Upstream |
80338 | Local file inclusion via skin/branding feature | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch, 7.1.1_Patch6, 7.1.3_Patch3, 7.2.2_Patch2, 7.2.3, 8.0.2_Patch, 8.0.3 | Private |
77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
75424 | Upgrade to Clamav 0.97.5 | CVE-2012-1457, CVE-2012-1458, CVE-2012-1459 | 4.3, 4.3, 4.3 | Minor | 7.2.1 | Upstream |
64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch, 7.1.4 | Private |