Zimbra Security Advisories

Revision as of 05:30, 8 July 2016 by Plobbes (talk | contribs) (Updates for ZCS 8.7.0 release and other whitespace cleanup along with a few CWE references)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Zimbra Security Advisories

Overview

The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:

Zimbra Collaboration - Security Vulnerability Advisories

(going back to ZCS 7.1.3)

Bug# Summary CVE-ID CVSS
Score
Zimbra
Rating
Fix Release or
Patch Version
Reporter
105001
105174
- CVE-2016-5721 4.3
2.1
Minor 8.7.0 Secu
104552
104703
- CVE-2016-3999 4.3 Minor 8.7.0 Nam Habach
104477 - CVE-2016-4019 4.3 Minor 8.7.0 Zimbra
104294
104456
- CVE-2016-3406 2.6 Minor 8.7.0 Zimbra
104222
104910
105071
105175
- CVE-2016-3407 4.3
3.5
4.3
2.1
Minor 8.7.0 Zimbra
103997
104413
104414
104777
104791
- CVE-2016-3412 3.5 Minor 8.7.0 Zimbra
103996 - CVE-2016-3413 2.6 Minor 8.7.0 Zimbra
103961
104828
- CVE-2016-3405 4.3 Minor 8.7.0 Zimbra
103959 - CVE-2016-3404 4.3 Minor 8.7.0 Zimbra
103956
103995
104475
104838
104839
- CVE-2016-3410 4.3 Minor 8.7.0 Zimbra
103609 - CVE-2016-3411 3.5 Minor 8.7.0 Zimbra
102637 - CVE-2016-3409 4.3 Minor 8.7.0 Peter Nguyen
102276 CWE-502 CVE-2016-3415 5.8 Major 8.7.0 Zimbra
102227 CWE-502 n/a 7.5 Major 8.7.0 Upstream, see
CVE-2015-4852
102029 - CVE-2016-3414 4.0 Minor 8.6.0 Patch7
8.7.0
Zimbra
101813 - CVE-2016-3408 4.3 Minor 8.7.0 Volexity
100899 - CVE-2016-3403 6.8 Major 8.7.0 Sysdream
99810 - CVE-2016-3401 3.5 Minor 8.7.0 Zimbra
99167 - CVE-2016-3402 2.6 Minor 8.7.0 Zimbra
101435
101436
Persistent XSS CWE-79 CVE-2015-7609 6.4
(2.3)
Major 8.6.0 Patch5
8.7.0
Fortinet's FortiGuard Labs
101559
100133
99854
99914
96973
CWE-79 CVE-2015-2249 3.5 Minor 8.6.0 Patch5
8.7.0
Zimbra
99236 XSS Vuln in YUI components in ZCS CVE-2012-5881
CVE-2012-5882
CVE-2012-5883
4.3 Minor 8.6.0 Patch5 Upstream
98358
98216
98215
Non-Persistent XSS CWE-79 CVE-2015-2249 4.3 Minor 8.6.0 Patch2
8.7.0
Cure53
97625 Reflected XSS CWE-79 CVE-2015-2230 3.5 Minor 8.6.0 Patch2 MWR InfoSecurity
96105 Improper Input Validation CWE-20 CVE-2014-8563 5.8 Major 8.0.9
8.5.1
8.6.0
 -
83547 CSRF Vulnerability CWE-352 CVE-2015-6541 5.8 Major 8.5.0 iSEC Partners, Sysdream
87412
92825
92833
92835
XSS Vulnerabilities CWE-79
(8.0.7 Patch
contains 87412)
CVE-2014-5500 4.3 Minor 8.0.8
8.5.0
 -
83550 Session Fixation CWE-384 CVE-2013-5119 5.8 Major 8.5.0
91484 Patch ZCS8 OpenSSL for CVE-2014-0224 CVE-2014-0224 6.8 Major 8.0.3+Patch
8.0.4+Patch
8.0.5+Patch
8.0.6+Patch
8.0.7+Patch
Upstream
88708 Patch ZCS8 OpenSSL for CVE-2014-0160 CVE-2014-0160 5.0 Major 8.0.3+Patch
8.0.4+Patch
8.0.5+Patch
8.0.6+Patch
8.0.7+Patch
8.0.7
Upstream
85499 Upgrade to OpenSSL 1.0.1f CVE-2013-4353
CVE-2013-6449
CVE-2013-6450
4.3
4.3
5.8
Major 8.0.7 Upstream
84547 Critical Vulnerability CVE-2013-7217 10.0
6.4
Critical 7.2.2_Patch3
7.2.3_Patch
7.2.4_Patch2
7.2.5_Patch
7.2.6
8.0.3_Patch3
8.0.4_Patch2
8.0.5_Patch
8.0.6
Private
85478 XSS vulnerability in message view - 6.4 Major 8.0.7 Alban Diquet
of iSEC Partners
85411 Local root privilege escalation - 6.2 Major 8.0.7 Matthew David
85000 Patch nginx for CVE-2013-4547 CVE-2013-4547 7.5 Major 7.2.7
8.0.7
Upstream

80450
80131
80445
80132

Upgrade to JDK 1.6 u41
Upgrade OpenSSL to 1.0.0k
Upgrade to JDK 1.7u15+
Upgrade to OpenSSL 1.0.1d
CVE-2013-0169 2.6 Minor 7.2.3
7.2.3
8.0.3
8.0.3
Upstream
80338 Local file inclusion via skin/branding feature CVE-2013-7091 5.0 Critical 6.0.16_Patch
7.1.1_Patch6
7.1.3_Patch3
7.2.2_Patch2
7.2.3
8.0.2_Patch
8.0.3
Private
77655 Separate keystore for CAs used for X509 authentication - 5.8 Major 8.0.7 Private
75424 Upgrade to Clamav 0.97.5 CVE-2012-1457
CVE-2012-1458
CVE-2012-1459
4.3
4.3
4.3
Minor 7.2.1 Upstream
64981 Do not allow HTTP GET for login - 6.8 Major 7.1.3_Patch
7.1.4
Private

Try Zimbra

Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »

Want to get involved?

You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »


Jump to: navigation, search