Zimbra Security Advisories: Difference between revisions
(updates for 83547) |
(Updates for ZCS 8.7.0 release and other whitespace cleanup along with a few CWE references) |
||
Line 25: | Line 25: | ||
<tr> | <tr> | ||
<td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=105001 105001] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id= | [https://bugzilla.zimbra.com/show_bug.cgi?id=105174 105174]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id= | <td><!-- 79 -->-</td> | ||
</td> | <td>CVE-2016-5721</td> | ||
<td>Persistent XSS [CWE-79]</td> | <td>4.3 <br /> 2.1</td> | ||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Secu</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104552 104552] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104703 104703]</td> | |||
<td><!-- 79 -->-</td> | |||
<td>CVE-2016-3999</td> | |||
<td>4.3</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Nam Habach</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104477 104477]</td> | |||
<td><!-- 601 -->-</td> | |||
<td>CVE-2016-4019</td> | |||
<td>4.3</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104294 104294] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104456 104456]</td> | |||
<td><!-- 352 -->-</td> | |||
<td>CVE-2016-3406</td> | |||
<td>2.6</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104222 104222] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104910 104910] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105071 105071] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105175 105175]</td> | |||
<td><!-- 79 -->-</td> | |||
<td>CVE-2016-3407</td> | |||
<td>4.3 <br /> 3.5 <br /> 4.3 <br /> 2.1</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103997 103997] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104413 104413] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104414 104414] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104777 104777] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104791 104791]</td> | |||
<td><!-- 79 -->-</td> | |||
<td>CVE-2016-3412</td> | |||
<td>3.5</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103996 103996]</td> | |||
<td><!-- 611 -->-</td> | |||
<td>CVE-2016-3413</td> | |||
<td>2.6</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103961 103961] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104828 104828]</td> | |||
<td><!-- 352 -->-</td> | |||
<td>CVE-2016-3405</td> | |||
<td>4.3</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103959 103959]</td> | |||
<td><!-- 352 -->-</td> | |||
<td>CVE-2016-3404</td> | |||
<td>4.3</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103956 103956] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=103995 103995] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104475 104475] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104838 104838] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104839 104839]</td> | |||
<td><!-- 79 -->-</td> | |||
<td>CVE-2016-3410</td> | |||
<td>4.3</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103609 103609]</td> | |||
<td><!-- 79 -->-</td> | |||
<td>CVE-2016-3411</td> | |||
<td>3.5</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102637 102637]</td> | |||
<td><!-- 79 -->-</td> | |||
<td>CVE-2016-3409</td> | |||
<td>4.3</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Peter Nguyen</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102276 102276]</td> | |||
<td>[https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | |||
<td>CVE-2016-3415</td> | |||
<td>5.8</td> | |||
<td>Major</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102227 102227]</td> | |||
<td>[https://cwe.mitre.org/data/definitions/502.html CWE-502]</td> | |||
<td>n/a</td> | |||
<td>7.5</td> | |||
<td>Major</td> | |||
<td>8.7.0</td> | |||
<td>Upstream, see <br /> CVE-2015-4852</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=102029 102029]</td> | |||
<td>-</td> | |||
<td>CVE-2016-3414</td> | |||
<td>4.0</td> | |||
<td>Minor</td> | |||
<td>8.6.0 Patch7 <br /> 8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101813 101813]</td> | |||
<td>-</td> | |||
<td>CVE-2016-3408</td> | |||
<td>4.3</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Volexity</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=100899 100899]</td> | |||
<td>-</td> | |||
<td>CVE-2016-3403</td> | |||
<td>6.8</td> | |||
<td>Major</td> | |||
<td>8.7.0</td> | |||
<td>Sysdream</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99810 99810]</td> | |||
<td>-</td> | |||
<td>CVE-2016-3401</td> | |||
<td>3.5</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99167 99167]</td> | |||
<td>-</td> | |||
<td>CVE-2016-3402</td> | |||
<td>2.6</td> | |||
<td>Minor</td> | |||
<td>8.7.0</td> | |||
<td>Zimbra</td> | |||
</tr> | |||
<tr> | |||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101435 101435] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=101436 101436]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | |||
<td>CVE-2015-7609</td> | <td>CVE-2015-7609</td> | ||
<td> | <td>6.4 <br /> (2.3)</td> | ||
6.4<br /> | |||
(2.3) | |||
</td> | |||
<td>Major</td> | <td>Major</td> | ||
<td>8.6.0 Patch5</td> | <td>8.6.0 Patch5 <br /> 8.7.0</td> | ||
<td>Fortinet's FortiGuard Labs</td> | <td>Fortinet's FortiGuard Labs</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101559 101559] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=100133 100133] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=99854 99854] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=99914 99914] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=96973 96973]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=101559 101559] | <td>[https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=100133 100133] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=99854 99854] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=99914 99914] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=96973 96973] | |||
</td> | |||
<td>-</td> | |||
<td>CVE-2015-2249</td> | <td>CVE-2015-2249</td> | ||
<td>3.5</td> | <td>3.5</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch5</td> | <td>8.6.0 Patch5 <br /> 8.7.0</td> | ||
<td> | <td>Zimbra</td> | ||
</tr> | </tr> | ||
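Review bot: In the new 8.7.0 rows the Summary cell is `<td><!-- 79 -->-</td>` (likewise `<!-- 601 -->`, `<!-- 352 -->` and `<!-- 611 -->`), so the classification sits in an HTML comment and the rendered column shows only "-". The numbers look like CWE ids (79 and 352 match the CWE-79 and CWE-352 links used in older rows). If these issues can now be classified publicly, link them the way the 102276 row does with `[https://cwe.mitre.org/data/definitions/502.html CWE-502]`; if they are withheld on purpose, say so in the edit summary so a later cleanup does not drop the comments.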
Line 67: | Line 248: | ||
<tr> | <tr> | ||
<td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=98358 98358] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=98216 98216] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=98215 98215]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98358 98358] | <td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98216 98216] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98215 98215] | |||
</td> | |||
<td>Non-Persistent XSS [CWE-79]</td> | |||
<td>CVE-2015-2249</td> | <td>CVE-2015-2249</td> | ||
<td>4.3</td> | <td>4.3</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch2</td> | <td>8.6.0 Patch2 <br /> 8.7.0</td> | ||
<td>Cure53</td> | <td>Cure53</td> | ||
</tr> | </tr> | ||
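Review bot: The row edited here lists CVE-2015-2249 at CVSS 4.3 with reporter Cure53, and the row edited in the previous hunk (bugs 101559, 100133, 99854, 99914, 96973) lists the same CVE-2015-2249 at 3.5 with reporter Zimbra. Since both rows are touched by this revision, confirm that one CVE-ID really covers both bug sets, and if it does, consider noting that in the Summary cell so the differing scores and reporters do not read as a copy-paste slip.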
Line 82: | Line 259: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=97625 97625]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=97625 97625]</td> | ||
<td>Reflected XSS [CWE-79]</td> | <td>Reflected XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-2230</td> | <td>CVE-2015-2230</td> | ||
<td>3.5</td> | <td>3.5</td> | ||
Line 92: | Line 269: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=96105 96105]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=96105 96105]</td> | ||
<td>Improper Input Validation [CWE-20]</td> | <td>Improper Input Validation [https://cwe.mitre.org/data/definitions/20.html CWE-20]</td> | ||
<td>CVE-2014-8563</td> | <td>CVE-2014-8563</td> | ||
<td>5.8</td> | <td>5.8</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td> | <td>8.0.9 <br /> 8.5.1<br /> 8.6.0</td> | ||
8.0.9<br /> | <td> -</td> | ||
8.5.1<br /> | |||
8.6.0 | |||
</td> | |||
<td>-</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83547 83547]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83547 83547]</td> | ||
<td>CSRF Vulnerability [CWE-352]</td> | <td>CSRF Vulnerability [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>CVE-2015-6541</td> | <td>CVE-2015-6541</td> | ||
<td>5.8</td> | <td>5.8</td> | ||
Line 115: | Line 288: | ||
<tr> | <tr> | ||
<td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92825 92825] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92833 92833] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92835 92835]</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412] | <td>XSS Vulnerabilities [https://cwe.mitre.org/data/definitions/79.html CWE-79] <br /> (8.0.7 Patch <br /> contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412])</td> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92825 92825] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92833 92833] | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92835 92835] | |||
</td> | |||
<td> | |||
XSS Vulnerabilities [CWE-79]<br /> | |||
(8.0.7 Patch<br /> | |||
contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412]) | |||
</td> | |||
<td>CVE-2014-5500</td> | <td>CVE-2014-5500</td> | ||
<td>4.3</td> | <td>4.3</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td> | <td>8.0.8 <br /> 8.5.0</td> | ||
8.0.8<br /> | <td> -</td> | ||
8.5.0 | |||
</td> | |||
<td>-</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83550 83550]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=83550 83550]</td> | ||
<td>Session Fixation [CWE-384]</td> | <td>Session Fixation [https://cwe.mitre.org/data/definitions/384.html CWE-384]</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | ||
<td>5.8</td> | <td>5.8</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.5.0</td> | <td>8.5.0</td> | ||
<td>-</td> | <td>- </td> | ||
</tr> | </tr> | ||
Line 153: | Line 314: | ||
<td>Major</td> | <td>Major</td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]<br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] | 8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch]</td> | ||
</td> | |||
<td>Upstream</td> | <td>Upstream</td> | ||
</tr> | </tr> | ||
Line 164: | Line 324: | ||
<td>Major</td> | <td>Major</td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
[https:// | 8.0.3+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.4+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.5+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.6+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7+[https://www.zimbra.com/forums/announcements/73677-20140606-zimbra-security-advisory-cve-2014-0224-ccs-injection-vulnerability.html Patch] <br /> 8.0.7</td> | ||
[https:// | |||
[https:// | |||
[https:// | |||
[https:// | |||
8.0.7 | |||
</td> | |||
<td>Upstream</td> | <td>Upstream</td> | ||
</tr> | </tr> | ||
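Review bot: Every `Patch` link in this cell targets the `...cve-2014-0224-ccs-injection-vulnerability.html` announcement, the same URL used in the cell of the previous hunk, yet this is the cell that ends in plain `8.0.7`, which the rendered table lists under bug 88708 (CVE-2014-0160). Check whether these links should point at the CVE-2014-0160 patch announcement rather than the CVE-2014-0224 one.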
Line 176: | Line 330: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85499 85499]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=85499 85499]</td> | ||
<td>Upgrade to OpenSSL 1.0.1f</td> | <td>Upgrade to OpenSSL 1.0.1f</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4353 CVE-2013-4353]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6449 CVE-2013-6449]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6450 CVE-2013-6450]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4353 CVE-2013-4353] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6449 CVE-2013-6449] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6450 CVE-2013-6450]</td> | ||
<td>4.3<br />4.3<br />5.8</td> | <td>4.3 <br /> 4.3 <br /> 5.8</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.7</td> | <td>8.0.7</td> | ||
Line 186: | Line 340: | ||
<td>Critical Vulnerability</td> | <td>Critical Vulnerability</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7217 CVE-2013-7217]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7217 CVE-2013-7217]</td> | ||
<td>10.0<br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]</td> | <td>10.0 <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4]</td> | ||
<td>Critical</td> | <td>Critical</td> | ||
<td>7.2.2_Patch3<br /> 7.2.3_Patch<br /> 7.2.4_Patch2<br /> 7.2.5_Patch<br /> 7.2.6<br /> 8.0.3_Patch3<br /> 8.0.4_Patch2<br /> 8.0.5_Patch<br /> 8.0.6</td> | <td>7.2.2_Patch3 <br /> 7.2.3_Patch <br /> 7.2.4_Patch2 <br /> 7.2.5_Patch <br /> 7.2.6 <br /> 8.0.3_Patch3 <br /> 8.0.4_Patch2 <br /> 8.0.5_Patch <br /> 8.0.6</td> | ||
<td>Private</td> | <td>Private</td> | ||
</tr> | </tr> | ||
Line 198: | Line 352: | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.7</td> | <td>8.0.7</td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap">Alban Diquet <br /> of iSEC Partners</td> | ||
Alban Diquet<br /> of iSEC Partners | |||
</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 217: | Line 369: | ||
<td>7.5</td> | <td>7.5</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>7.2.7<br /> 8.0.7</td> | <td>7.2.7 <br /> 8.0.7</td> | ||
<td>Upstream</td> | <td>Upstream</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450]<br /> | [https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132] | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131]<br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445]<br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132] | |||
</td> | </td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
Upgrade to JDK 1.6 u41<br /> | Upgrade to JDK 1.6 u41 <br /> Upgrade OpenSSL to 1.0.0k<br /> Upgrade to JDK 1.7u15+<br /> Upgrade to OpenSSL 1.0.1d</td> | ||
Upgrade OpenSSL to 1.0.0k<br /> | |||
Upgrade to JDK 1.7u15+<br /> | |||
Upgrade to OpenSSL 1.0.1d | |||
</td> | |||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169 CVE-2013-0169]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0169 CVE-2013-0169]</td> | ||
<td>2.6</td> | <td>2.6</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>7.2.3<br /> 7.2.3<br /> 8.0.3<br /> 8.0.3</td> | <td>7.2.3 <br /> 7.2.3 <br /> 8.0.3 <br /> 8.0.3</td> | ||
<td>Upstream</td> | <td>Upstream</td> | ||
</tr> | </tr> | ||
Line 245: | Line 390: | ||
<td>5.0</td> | <td>5.0</td> | ||
<td>Critical</td> | <td>Critical</td> | ||
<td style="white-space:nowrap">6.0.16_Patch<br /> 7.1.1_Patch6<br /> 7.1.3_Patch3<br /> 7.2.2_Patch2<br /> 7.2.3<br /> 8.0.2_Patch<br /> 8.0.3</td> | <td style="white-space:nowrap">6.0.16_Patch <br /> 7.1.1_Patch6 <br /> 7.1.3_Patch3 <br /> 7.2.2_Patch2 <br /> 7.2.3 <br /> 8.0.2_Patch <br /> 8.0.3</td> | ||
<td>Private</td> | <td>Private</td> | ||
</tr> | </tr> | ||
Line 260: | Line 405: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=75424 75424]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=75424 75424]</td> | ||
<td>Upgrade to Clamav 0.97.5</td> | <td>Upgrade to Clamav 0.97.5</td> | ||
<td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1457 CVE-2012-1457] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1458 CVE-2012-1458] <br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1459 CVE-2012-1459]</td> | ||
[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1457 CVE-2012-1457]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1458 CVE-2012-1458]<br /> [https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1459 CVE-2012-1459] | <td>4.3 <br /> 4.3 <br /> 4.3</td> | ||
</td> | |||
<td>4.3<br />4.3<br />4.3</td> | |||
<td>Minor</td> | <td>Minor</td> | ||
<td>7.2.1</td> | <td>7.2.1</td> | ||
Line 274: | Line 417: | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>7.1.3_Patch<br />7.1.4</td> | <td>7.1.3_Patch <br /> 7.1.4</td> | ||
<td>Private</td> | <td>Private</td> | ||
</tr> | </tr> | ||
Line 283: | Line 426: | ||
<div class="tile zimbrared"> | <div class="tile zimbrared"> | ||
<h4>Try Zimbra</h4> | <h4>Try Zimbra</h4> | ||
<p class="text-justify"><i class="fa fa-cloud-download fa-3x pull-left"></i> Try now Zimbra Collaboration without any cost with the 60-day free Trial. <br />[https://www.zimbra.com/try/secure-collaboration-software-free-trial <span style="color:white">'''Get it now »'''</span>]</p> | <p class="text-justify"><i class="fa fa-cloud-download fa-3x pull-left"></i> Try now Zimbra Collaboration without any cost with the 60-day free Trial. <br /> [https://www.zimbra.com/try/secure-collaboration-software-free-trial <span style="color:white">'''Get it now »'''</span>]</p> | ||
</div> | </div> | ||
<div class="tile zimbraorange"> | <div class="tile zimbraorange"> | ||
<h4>Want to get involved?</h4> | <h4>Want to get involved?</h4> | ||
<p class="text-justify">You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets. <br />'''Find out more. »'''</p> | <p class="text-justify">You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets. <br /> '''Find out more. »'''</p> | ||
</div> | </div> | ||
<div class="tile zimbrablue"> | <div class="tile zimbrablue"> | ||
<h4>Other Help Resources</h4> | <h4>Other Help Resources</h4> | ||
<p><i class="fa fa-users"></i> [https://help.zimbra.com <span style="color:white">Visit the User Help Page »</span>]<br /><i class="fa fa-comments"></i> [https://community.zimbra.com/collaboration/ <span style="color:white">Visit the Official Forums »</span>]<br/><i class="fa fa-book"></i> [https://zimbra.com/documentation <span style="color:white">Zimbra Documentation Page »</span>]</p> | <p><i class="fa fa-users"></i> [https://help.zimbra.com <span style="color:white">Visit the User Help Page »</span>] <br /> <i class="fa fa-comments"></i> [https://community.zimbra.com/collaboration/ <span style="color:white">Visit the Official Forums »</span>] <br/> <i class="fa fa-book"></i> [https://zimbra.com/documentation <span style="color:white">Zimbra Documentation Page »</span>]</p> | ||
</div> | </div> | ||
<div class="tile zimbragrey"> | <div class="tile zimbragrey"> | ||
<h4>Looking for a Video?</h4> | <h4>Looking for a Video?</h4> | ||
<p class="text-justify"><i class="fa fa-youtube fa-3x pull-left"></i> Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more. <br />[https://www.youtube.com/channel/UCcB648SoNlCNvyIh4arcTGg <span style="color:white">'''Go to the YouTube Channel »'''</span>]</p> | <p class="text-justify"><i class="fa fa-youtube fa-3x pull-left"></i> Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more. <br /> [https://www.youtube.com/channel/UCcB648SoNlCNvyIh4arcTGg <span style="color:white">'''Go to the YouTube Channel »'''</span>]</p> | ||
</div> | </div> | ||
</div> | </div> | ||
</div> | </div> | ||
<br /> | <br /> |
Revision as of 05:30, 8 July 2016
Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: https://www.zimbra.com/downloads/ne-downloads.html
- Zimbra Collaboration - Open-Source Edition: https://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
(going back to ZCS 7.1.3)
Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version | Reporter |
---|---|---|---|---|---|---|
105001 <br /> 105174 | - | CVE-2016-5721 | 4.3 <br /> 2.1 | Minor | 8.7.0 | Secu |
104552 <br /> 104703 | - | CVE-2016-3999 | 4.3 | Minor | 8.7.0 | Nam Habach |
104477 | - | CVE-2016-4019 | 4.3 | Minor | 8.7.0 | Zimbra |
104294 <br /> 104456 | - | CVE-2016-3406 | 2.6 | Minor | 8.7.0 | Zimbra |
104222 <br /> 104910 <br /> 105071 <br /> 105175 | - | CVE-2016-3407 | 4.3 <br /> 3.5 <br /> 4.3 <br /> 2.1 | Minor | 8.7.0 | Zimbra |
103997 <br /> 104413 <br /> 104414 <br /> 104777 <br /> 104791 | - | CVE-2016-3412 | 3.5 | Minor | 8.7.0 | Zimbra |
103996 | - | CVE-2016-3413 | 2.6 | Minor | 8.7.0 | Zimbra |
103961 <br /> 104828 | - | CVE-2016-3405 | 4.3 | Minor | 8.7.0 | Zimbra |
103959 | - | CVE-2016-3404 | 4.3 | Minor | 8.7.0 | Zimbra |
103956 <br /> 103995 <br /> 104475 <br /> 104838 <br /> 104839 | - | CVE-2016-3410 | 4.3 | Minor | 8.7.0 | Zimbra |
103609 | - | CVE-2016-3411 | 3.5 | Minor | 8.7.0 | Zimbra |
102637 | - | CVE-2016-3409 | 4.3 | Minor | 8.7.0 | Peter Nguyen |
102276 | CWE-502 | CVE-2016-3415 | 5.8 | Major | 8.7.0 | Zimbra |
102227 | CWE-502 | n/a | 7.5 | Major | 8.7.0 | Upstream, see CVE-2015-4852 |
102029 | - | CVE-2016-3414 | 4.0 | Minor | 8.6.0 Patch7 <br /> 8.7.0 | Zimbra |
101813 | - | CVE-2016-3408 | 4.3 | Minor | 8.7.0 | Volexity |
100899 | - | CVE-2016-3403 | 6.8 | Major | 8.7.0 | Sysdream |
99810 | - | CVE-2016-3401 | 3.5 | Minor | 8.7.0 | Zimbra |
99167 | - | CVE-2016-3402 | 2.6 | Minor | 8.7.0 | Zimbra |
101435 <br /> 101436 | Persistent XSS CWE-79 | CVE-2015-7609 | 6.4 <br /> (2.3) | Major | 8.6.0 Patch5 <br /> 8.7.0 | Fortinet's FortiGuard Labs |
101559 <br /> 100133 <br /> 99854 <br /> 99914 <br /> 96973 | CWE-79 | CVE-2015-2249 | 3.5 | Minor | 8.6.0 Patch5 <br /> 8.7.0 | Zimbra |
99236 | XSS Vuln in YUI components in ZCS | CVE-2012-5881 <br /> CVE-2012-5882 <br /> CVE-2012-5883 | 4.3 | Minor | 8.6.0 Patch5 | Upstream |
98358 <br /> 98216 <br /> 98215 | Non-Persistent XSS CWE-79 | CVE-2015-2249 | 4.3 | Minor | 8.6.0 Patch2 <br /> 8.7.0 | Cure53 |
97625 | Reflected XSS CWE-79 | CVE-2015-2230 | 3.5 | Minor | 8.6.0 Patch2 | MWR InfoSecurity |
96105 | Improper Input Validation CWE-20 | CVE-2014-8563 | 5.8 | Major | 8.0.9 <br /> 8.5.1 <br /> 8.6.0 | - |
83547 | CSRF Vulnerability CWE-352 | CVE-2015-6541 | 5.8 | Major | 8.5.0 | iSEC Partners, Sysdream |
87412 <br /> 92825 <br /> 92833 <br /> 92835 | XSS Vulnerabilities CWE-79 (8.0.7 Patch contains 87412) | CVE-2014-5500 | 4.3 | Minor | 8.0.8 <br /> 8.5.0 | - |
83550 | Session Fixation CWE-384 | CVE-2013-5119 | 5.8 | Major | 8.5.0 | - |
91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | CVE-2014-0224 | 6.8 | Major | 8.0.3+Patch <br /> 8.0.4+Patch <br /> 8.0.5+Patch <br /> 8.0.6+Patch <br /> 8.0.7+Patch | Upstream |
88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | CVE-2014-0160 | 5.0 | Major | 8.0.3+Patch <br /> 8.0.4+Patch <br /> 8.0.5+Patch <br /> 8.0.6+Patch <br /> 8.0.7+Patch <br /> 8.0.7 | Upstream |
85499 | Upgrade to OpenSSL 1.0.1f | CVE-2013-4353 <br /> CVE-2013-6449 <br /> CVE-2013-6450 | 4.3 <br /> 4.3 <br /> 5.8 | Major | 8.0.7 | Upstream |
84547 | Critical Vulnerability | CVE-2013-7217 | 10.0 <br /> 6.4 | Critical | 7.2.2_Patch3 <br /> 7.2.3_Patch <br /> 7.2.4_Patch2 <br /> 7.2.5_Patch <br /> 7.2.6 <br /> 8.0.3_Patch3 <br /> 8.0.4_Patch2 <br /> 8.0.5_Patch <br /> 8.0.6 | Private |
85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
85000 | Patch nginx for CVE-2013-4547 | CVE-2013-4547 | 7.5 | Major | 7.2.7 <br /> 8.0.7 | Upstream |
80450 <br /> 80131 <br /> 80445 <br /> 80132 | Upgrade to JDK 1.6 u41 <br /> Upgrade OpenSSL to 1.0.0k <br /> Upgrade to JDK 1.7u15+ <br /> Upgrade to OpenSSL 1.0.1d | CVE-2013-0169 | 2.6 | Minor | 7.2.3 <br /> 7.2.3 <br /> 8.0.3 <br /> 8.0.3 | Upstream |
80338 | Local file inclusion via skin/branding feature | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch <br /> 7.1.1_Patch6 <br /> 7.1.3_Patch3 <br /> 7.2.2_Patch2 <br /> 7.2.3 <br /> 8.0.2_Patch <br /> 8.0.3 | Private |
77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
75424 | Upgrade to Clamav 0.97.5 | CVE-2012-1457 <br /> CVE-2012-1458 <br /> CVE-2012-1459 | 4.3 <br /> 4.3 <br /> 4.3 | Minor | 7.2.1 | Upstream |
64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch <br /> 7.1.4 | Private |