Zimbra Security Advisories: Difference between revisions
(Additional details made public along with a few other reporter updates) |
|||
Line 29: | Line 29: | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=101436 101436]<br /> | [https://bugzilla.zimbra.com/show_bug.cgi?id=101436 101436]<br /> | ||
</td> | </td> | ||
<td>-</td> | <td>Persistent XSS [CWE-79]</td> | ||
<td>CVE-2015-7609</td> | <td>CVE-2015-7609</td> | ||
<td> | <td> | ||
Line 37: | Line 37: | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.6.0 Patch5</td> | <td>8.6.0 Patch5</td> | ||
<td> | <td>Fortinet's FortiGuard Labs</td> | ||
</tr> | </tr> | ||
Line 63: | Line 63: | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch5</td> | <td>8.6.0 Patch5</td> | ||
<td> | <td>Upstream</td> | ||
</tr> | </tr> | ||
Line 77: | Line 77: | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch2</td> | <td>8.6.0 Patch2</td> | ||
<td> | <td>Cure53</td> | ||
</tr> | </tr> | ||
Line 87: | Line 87: | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch2</td> | <td>8.6.0 Patch2</td> | ||
<td> | <td>MWR InfoSecurity</td> | ||
</tr> | </tr> | ||
Line 138: | Line 138: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83550 83550]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83550 83550]</td> | ||
<td>CWE-384 | <td>Session Fixation [CWE-384]</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | ||
<td>5.8</td> | <td>5.8</td> |
Revision as of 20:59, 1 February 2016
Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: https://www.zimbra.com/downloads/ne-downloads.html
- Zimbra Collaboration - Open-Source Edition: https://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
(going back to ZCS 7.1.3)
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version | Reporter |
|---|---|---|---|---|---|---|
| | Persistent XSS [CWE-79] | CVE-2015-7609 | 6.4 | Major | 8.6.0 Patch5 | Fortinet's FortiGuard Labs |
| | - | CVE-2015-2249 | 3.5 | Minor | 8.6.0 Patch5 | - |
| 99236 | XSS Vuln in YUI components in ZCS | CVE-2012-5881, CVE-2012-5882, CVE-2012-5883 | 4.3 | Minor | 8.6.0 Patch5 | Upstream |
| | Non-Persistent XSS [CWE-79] | CVE-2015-2249 | 4.3 | Minor | 8.6.0 Patch2 | Cure53 |
| 97625 | Reflected XSS [CWE-79] | CVE-2015-2230 | 3.5 | Minor | 8.6.0 Patch2 | MWR InfoSecurity |
| 96105 | Improper Input Validation [CWE-20] | CVE-2014-8563 | 5.8 | Major | 8.0.9 | - |
| 83547 | CSRF Vulnerability [CWE-352] | CVE-2015-6541 | 5.8 | Major | 8.5.0 | - |
| | XSS Vulnerabilities [CWE-79] | CVE-2014-5500 | 4.3 | Minor | 8.0.8 | - |
| 83550 | Session Fixation [CWE-384] | CVE-2013-5119 | 5.8 | Major | 8.5.0 | - |
| 91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | CVE-2014-0224 | 6.8 | Major | | Upstream |
| 88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | CVE-2014-0160 | 5.0 | Major | 8.0.3+ Patch | Upstream |
| 85499 | Upgrade to OpenSSL 1.0.1f | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450 | 4.3, 4.3, 5.8 | Major | 8.0.7 | Upstream |
| 84547 | Critical Vulnerability | CVE-2013-7217 | 10.0, 6.4 | Critical | 7.2.2_Patch3, 7.2.3_Patch, 7.2.4_Patch2, 7.2.5_Patch, 7.2.6, 8.0.3_Patch3, 8.0.4_Patch2, 8.0.5_Patch, 8.0.6 | Private |
| 85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet |
| 85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
| 85000 | Patch nginx for CVE-2013-4547 | CVE-2013-4547 | 7.5 | Major | 7.2.7, 8.0.7 | Upstream |
| | Upgrade to JDK 1.6 u41 | CVE-2013-0169 | 2.6 | Minor | 7.2.3, 7.2.3, 8.0.3, 8.0.3 | Upstream |
| 80338 | Local file inclusion via skin/branding feature | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch, 7.1.1_Patch6, 7.1.3_Patch3, 7.2.2_Patch2, 7.2.3, 8.0.2_Patch, 8.0.3 | Private |
| 77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
| 75424 | Upgrade to Clamav 0.97.5 | | 4.3, 4.3, 4.3 | Minor | 7.2.1 | Upstream |
| 64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch, 7.1.4 | Private |