Zimbra Security Advisories: Difference between revisions
m (minor cleanup, prefer https) |
(update info up through ZCS 8.6.0 Patch5) |
||
Line 15: | Line 15: | ||
<table class="table table-striped table-condensed"> | <table class="table table-striped table-condensed"> | ||
<tr> | <tr> | ||
< | <th style="background-color: #f15922; width: 80px;"><span style="color: #ffffff;">Bug#</span></th> | ||
< | <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Summary</span></th> | ||
< | <th style="background-color: #f15922;"><span style="color: #ffffff;"><strong>CVE-ID</strong></span></th> | ||
< | <th style="background-color: #f15922;"><span style="color: #ffffff;"><strong>CVSS<br />Score</strong></span></th> | ||
< | <th style="text-align: center; background-color: #f15922;">[[Zimbra_Vulnerability_Rating_Classification|Zimbra<br />Rating]]<span style="color: #ffffff;"></span></th> | ||
< | <th style="text-align: center; background-color: #f15922;"><span style="color: #ffffff;">Fix Release or <br />Patch Version</span></th> | ||
< | <th style="background-color: #f15922;"><span style="color: #ffffff;">Reporter</span></th> | ||
</tr> | </tr> | ||
<tr> | |||
<td> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=101435 101435]<br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=101436 101436]<br /> | |||
</td> | |||
<td>-</td> | |||
<td>CVE-2015-7609</td> | |||
<td> | |||
6.4<br /> | |||
(2.3)<br /> | |||
</td> | |||
<td>Major</td> | |||
<td>8.6.0 Patch5</td> | |||
<td>-</td> | |||
</tr> | |||
<tr> | |||
<td> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=101559 101559] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=100133 100133] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=99854 99854] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=99914 99914] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=96973 96973] | |||
</td> | |||
<td>-</td> | |||
<td>CVE-2015-2249</td> | |||
<td>3.5</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch5</td> | |||
<td>-</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99236 99236]</td> | |||
<td>-</td> | |||
<td style="white-space:nowrap">CVE-2012-5881 <br /> CVE-2012-5882 <br /> CVE-2012-5883</td> | |||
<td>4.3</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch5</td> | |||
<td>-</td> | |||
</tr> | |||
<tr> | |||
<td> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98358 98358] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98216 98216] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98215 98215] | |||
</td> | |||
<td>-</td> | |||
<td>CVE-2015-2249</td> | |||
<td>4.3</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch2</td> | |||
<td>-</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=97625 97625]</td> | |||
<td>-</td> | |||
<td>CVE-2015-2230</td> | |||
<td>3.5</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch2</td> | |||
<td>-</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=96105 96105]</td> | |||
<td>-</td> | |||
<td>CVE-2014-8563</td> | |||
<td>5.8</td> | |||
<td>Major</td> | |||
<td> | |||
8.0.9<br /> | |||
8.5.1<br /> | |||
8.6.0<br /> | |||
</td> | |||
<td>-</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83547 83547]</td> | |||
<td>-</td> | |||
<td>CVE-2015-6541</td> | |||
<td>5.8</td> | |||
<td>Major</td> | |||
<td>8.5.0</td> | |||
<td>-</td> | |||
</tr> | |||
<tr> | |||
<td> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92825 92825] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92833 92833] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92835 92835] | |||
</td> | |||
<td> | |||
-<br /> | |||
(8.0.7 Patch<br /> | |||
contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412]) | |||
</td> | |||
<td>CVE-2014-5500</td> | |||
<td>4.3</td> | |||
<td>Minor</td> | |||
<td> | |||
8.0.8<br /> | |||
8.5.0<br /> | |||
</td> | |||
<td>-</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83550 83550]</td> | |||
<td>CWE-384: Session Fixation</td> | |||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | |||
<td>5.8</td> | |||
<td>Major</td> | |||
<td>8.5.0</td> | |||
<td>-</td> | |||
</tr> | |||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=91484 91484]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=91484 91484]</td> | ||
<td>Patch ZCS8 OpenSSL for CVE-2014-0224</td> | <td>Patch ZCS8 OpenSSL for CVE-2014-0224</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224 CVE-2014-0224]</td> | <td style="white-space:nowrap">[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224 CVE-2014-0224]</td> | ||
<td>6.8</td> | <td>6.8</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch<br /> | <td style="white-space:nowrap"> | ||
8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> | |||
</td> | |||
<td>Upstream</td> | <td>Upstream</td> | ||
</tr> | </tr> | ||
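Review bot: CVE-2015-2249 is entered on two of the added rows, the 101559/100133/99854/99914/96973 group (CVSS 3.5, fixed in 8.6.0 Patch5) and the 98358/98216/98215 group (CVSS 4.3, fixed in 8.6.0 Patch2); please confirm both groups belong under the same CVE-ID, since the scores differ. The added rows from 101435 down to 87412 also leave Summary as "-", so a reader cannot tell the vulnerability class without opening Bugzilla; a short summary like the "CWE-384: Session Fixation" entry on the 83550 row would help. The parenthesised (2.3) under the 6.4 score on the CVE-2015-7609 row has no explanation, and the bug links in that row are separated by `<br />` while the links in the following row are not.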
Line 38: | Line 163: | ||
<td>5.0</td> | <td>5.0</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>[https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.3+ Patch]<br /> [https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.4+ Patch]<br /> [https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.5+ Patch]<br /> [https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.6+ Patch]<br /> [https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.7+ Patch]<br /> 8.0.7</td> | <td style="white-space:nowrap"> | ||
[https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.3+ Patch]<br /> | |||
[https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.4+ Patch]<br /> | |||
[https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.5+ Patch]<br /> | |||
[https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.6+ Patch]<br /> | |||
[https://wiki.zimbra.com/wiki/Category:Security_Center 8.0.7+ Patch]<br /> | |||
8.0.7 | |||
</td> | |||
<td>Upstream</td> | <td>Upstream</td> | ||
</tr> | </tr> | ||
Line 66: | Line 198: | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.7</td> | <td>8.0.7</td> | ||
<td> | <td style="white-space:nowrap"> | ||
< | Alban Diquet<br /> of iSEC Partners | ||
</td> | </td> | ||
</tr> | </tr> | ||
Line 77: | Line 209: | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.7</td> | <td>8.0.7</td> | ||
<td>Matthew David</td> | <td style="white-space:nowrap">Matthew David</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 89: | Line 221: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450]<br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131]<br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445]<br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132]</td> | <td style="white-space:nowrap"> | ||
<td>Upgrade to JDK 1.6 u41<br /> Upgrade OpenSSL to 1.0.0k<br /> Upgrade to JDK 1.7u15+<br /> Upgrade to OpenSSL 1.0.1d</td> | [https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450]<br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131]<br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445]<br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132] | |||
</td> | |||
<td style="white-space:nowrap"> | |||
Upgrade to JDK 1.6 u41<br /> | |||
Upgrade OpenSSL to 1.0.0k<br /> | |||
Upgrade to JDK 1.7u15+<br /> | |||
Upgrade to OpenSSL 1.0.1d | |||
</td> | |||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169 CVE-2013-0169]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169 CVE-2013-0169]</td> | ||
<td>2.6</td> | <td>2.6</td> | ||
Line 103: | Line 245: | ||
<td>5.0</td> | <td>5.0</td> | ||
<td>Critical</td> | <td>Critical</td> | ||
<td>6.0.16_Patch<br /> 7.1.1_Patch6<br /> 7.1.3_Patch3<br /> 7.2.2_Patch2<br /> 7.2.3<br /> 8.0.2_Patch<br /> 8.0.3</td> | <td style="white-space:nowrap">6.0.16_Patch<br /> 7.1.1_Patch6<br /> 7.1.3_Patch3<br /> 7.2.2_Patch2<br /> 7.2.3<br /> 8.0.2_Patch<br /> 8.0.3</td> | ||
<td>Private</td> | <td>Private</td> | ||
</tr> | </tr> | ||
Line 118: | Line 260: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=75424 75424]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=75424 75424]</td> | ||
<td>Upgrade to Clamav 0.97.5</td> | <td>Upgrade to Clamav 0.97.5</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1457 CVE-2012-1457]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1458 CVE-2012-1458]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1459 CVE-2012-1459]</td> | <td> | ||
[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1457 CVE-2012-1457]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1458 CVE-2012-1458]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1459 CVE-2012-1459] | |||
</td> | |||
<td>4.3<br />4.3<br />4.3</td> | <td>4.3<br />4.3<br />4.3</td> | ||
<td>Minor</td> | <td>Minor</td> |
Revision as of 22:08, 11 December 2015
Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: https://www.zimbra.com/downloads/ne-downloads.html
- Zimbra Collaboration - Open-Source Edition: https://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
(going back to ZCS 7.1.3)
Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version | Reporter
---|---|---|---|---|---|---
101435<br />101436 | - | CVE-2015-7609 | 6.4<br />(2.3) | Major | 8.6.0 Patch5 | -
101559<br />100133<br />99854<br />99914<br />96973 | - | CVE-2015-2249 | 3.5 | Minor | 8.6.0 Patch5 | -
99236 | - | CVE-2012-5881<br />CVE-2012-5882<br />CVE-2012-5883 | 4.3 | Minor | 8.6.0 Patch5 | -
98358<br />98216<br />98215 | - | CVE-2015-2249 | 4.3 | Minor | 8.6.0 Patch2 | -
97625 | - | CVE-2015-2230 | 3.5 | Minor | 8.6.0 Patch2 | -
96105 | - | CVE-2014-8563 | 5.8 | Major | 8.0.9<br />8.5.1<br />8.6.0 | -
83547 | - | CVE-2015-6541 | 5.8 | Major | 8.5.0 | -
87412<br />92825<br />92833<br />92835 | -<br />(8.0.7 Patch contains 87412) | CVE-2014-5500 | 4.3 | Minor | 8.0.8<br />8.5.0 | -
83550 | CWE-384: Session Fixation | CVE-2013-5119 | 5.8 | Major | 8.5.0 | -
91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | CVE-2014-0224 | 6.8 | Major | 8.0.3+Patch<br />8.0.4+Patch<br />8.0.5+Patch<br />8.0.6+Patch<br />8.0.7+Patch | Upstream
88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | CVE-2014-0160 | 5.0 | Major | 8.0.3+ Patch<br />8.0.4+ Patch<br />8.0.5+ Patch<br />8.0.6+ Patch<br />8.0.7+ Patch<br />8.0.7 | Upstream
85499 | Upgrade to OpenSSL 1.0.1f | CVE-2013-4353<br />CVE-2013-6449<br />CVE-2013-6450 | 4.3<br />4.3<br />5.8 | Major | 8.0.7 | Upstream
84547 | Critical Vulnerability | CVE-2013-7217 | 10.0<br />6.4 | Critical | 7.2.2_Patch3<br />7.2.3_Patch<br />7.2.4_Patch2<br />7.2.5_Patch<br />7.2.6<br />8.0.3_Patch3<br />8.0.4_Patch2<br />8.0.5_Patch<br />8.0.6 | Private
85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet<br />of iSEC Partners
85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David
85000 | Patch nginx for CVE-2013-4547 | CVE-2013-4547 | 7.5 | Major | 7.2.7<br />8.0.7 | Upstream
80450<br />80131<br />80445<br />80132 | Upgrade to JDK 1.6 u41<br />Upgrade OpenSSL to 1.0.0k<br />Upgrade to JDK 1.7u15+<br />Upgrade to OpenSSL 1.0.1d | CVE-2013-0169 | 2.6 | Minor | 7.2.3<br />7.2.3<br />8.0.3<br />8.0.3 | Upstream
80338 | Local file inclusion via skin/branding feature | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch<br />7.1.1_Patch6<br />7.1.3_Patch3<br />7.2.2_Patch2<br />7.2.3<br />8.0.2_Patch<br />8.0.3 | Private
77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private
75424 | Upgrade to Clamav 0.97.5 | CVE-2012-1457<br />CVE-2012-1458<br />CVE-2012-1459 | 4.3<br />4.3<br />4.3 | Minor | 7.2.1 | Upstream
64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch<br />7.1.4 | Private