Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: http://www.zimbra.com/downloads/ne-downloads.html#latest_8_release
- Zimbra Collaboration - Open-Source Edition: http://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
(beginning with ZCS 7.1.3)
Bug Number | Summary | CVE ID | CVSS Score | Zimbra Rating Classification | Fix Release or Patch Version | Reporter |
91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | CVE-2014-0224 | 6.8 | Major | 8.0.3+Patch, 8.0.4+Patch, 8.0.5+Patch, 8.0.6+Patch, 8.0.7+Patch, 8.0.7+Patch | Upstream |
88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | CVE-2014-0160 | 5.0 | Major | 8.0.3+Patch, 8.0.4+Patch, 8.0.5+Patch, 8.0.6+Patch, 8.0.7+Patch, 8.0.7 (patches: /support/security/b/weblog/archive/2014/05/19/critical-security-advisory-and-builds-patches-for-the-openssl-heartbleed-vulnerability.aspx) | Upstream |
85499 | Upgrade to OpenSSL 1.0.1f | CVE-2013-4353, CVE-2013-6449, CVE-2013-6450 | 4.3, 4.3, 5.8 | Major | 8.0.7 | Upstream |
84547 | Critical Vulnerability | CVE-2013-7217 | 10.0, 6.4 | Critical | 7.2.2_Patch3, 7.2.3_Patch, 7.2.4_Patch2, 7.2.5_Patch, 7.2.6, 8.0.3_Patch3, 8.0.4_Patch2, 8.0.5_Patch, 8.0.6 | Private |
85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
85000 | Patch nginx for CVE-2013-4547 | CVE-2013-4547 | 7.5 | Major | 7.2.7, 8.0.7 | Upstream |
80450, 80131, 80445, 80132 | Upgrade to JDK 1.6 u41; Upgrade OpenSSL to 1.0.0k; Upgrade to JDK 1.7u15+; Upgrade to OpenSSL 1.0.1d | CVE-2013-0169 | 2.6 | Minor | 7.2.3, 7.2.3, 8.0.3, 8.0.3 | Upstream |
80338 | Local file inclusion via skin/branding feature | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch, 7.1.1_Patch6, 7.1.3_Patch3, 7.2.2_Patch2, 7.2.3, 8.0.2_Patch, 8.0.3 | Private |
77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
75424 | Upgrade to Clamav 0.97.5 | CVE-2012-1457, CVE-2012-1458, CVE-2012-1459 | 4.3, 4.3, 4.3 | Minor | 7.2.1 | Upstream |
64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch, 7.1.4 | Private |