Zimbra Security Advisories: Difference between revisions

Revision as of 12:27, 11 December 2015

Zimbra Security Advisories

Overview

The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:

Zimbra Collaboration - Network Edition: http://www.zimbra.com/downloads/ne-downloads.html#latest_8_release
Zimbra Collaboration - Open-Source Edition: http://www.zimbra.com/downloads/os-downloads.html

Zimbra Collaboration - Security Vulnerability Advisories

(beginning with ZCS 7.1.3)

Bug Number	Summary	CVE ID	CVSS Score	Zimbra Rating Classification	Fix Release or Patch Version	Reporter
91484	Patch ZCS8 OpenSSL for CVE-2014-0224	CVE-2014-0224	6.8	Major	8.0.3+Patch 8.0.4+Patch 8.0.5+Patch 8.0.6+Patch 8.0.7+Patch 8.0.7+Patch	Upstream
88708	Patch ZCS8 OpenSSL for CVE-2014-0160	CVE-2014-0160	5.0	Major	8.0.3+[/support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx Patch] 8.0.4+[/support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx Patch] 8.0.5+[/support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx Patch] 8.0.6+[/support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx Patch] 8.0.7+[/support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx Patch] 8.0.7	Upstream
85499	Upgrade to OpenSSL 1.0.1f	CVE-2013-4353 CVE-2013-6449 CVE-2013-6450	4.3 4.3 5.8	Major	8.0.7	Upstream
84547	Critical Vulnerability	CVE-2013-7217	10.0 6.4	Critical	7.2.2_Patch3 7.2.3_Patch 7.2.4_Patch2 7.2.5_Patch 7.2.6 8.0.3_Patch3 8.0.4_Patch2 8.0.5_Patch 8.0.6	Private
85478	XSS vulnerability in message view	-	6.4	Major	8.0.7	Alban Diquet of iSEC Partners
85411	Local root privilege escalation	-	6.2	Major	8.0.7	Matthew David
85000	Patch nginx for CVE-2013-4547	CVE-2013-4547	7.5	Major	7.2.7 8.0.7	Upstream
80450 80131 80445 80132	Upgrade to JDK 1.6 u41 Upgrade OpenSSL to 1.0.0k Upgrade to JDK 1.7u15+ Upgrade to OpenSSL 1.0.1d	CVE-2013-0169	2.6	Minor	7.2.3 7.2.3 8.0.3 8.0.3	Upstream
80338	Local file inclusion via skin/branding feature	CVE-2013-7091	5.0	Critical	6.0.16_Patch 7.1.1_Patch6 7.1.3_Patch3 7.2.2_Patch2 7.2.3 8.0.2_Patch 8.0.3	Private
77655	Separate keystore for CAs used for X509 authentication	-	5.8	Major	8.0.7	Private
75424	Upgrade to Clamav 0.97.5	CVE-2012-1457 CVE-2012-1458 CVE-2012-1459	4.3 4.3 4.3	Minor	7.2.1	Upstream
64981	Do not allow HTTP GET for login	-	6.8	Major	7.1.3_Patch 7.1.4	Private

Try Zimbra

Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »

Want to get involved?

You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »

Other Help Resources

Visit the User Help Page »
Visit the Official Forums »
Zimbra Documentation Page »

Looking for a Video?

Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »

@@ Line 14: / Line 14: @@
 <div class="class="col-md-10"">
      <table class="table table-hover table-bordered table-striped">
-<tbody>
 <tr>
 <td style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;"><strong>Bug Number</strong></span></td>
@@ Line 134: / Line 133: @@
 <td>Private</td>
 </tr>
-</tbody>
 </table>
 </div>

Zimbra Security Advisories: Difference between revisions

Revision as of 12:27, 11 December 2015