Important Read – Critical Security Advisory & Patch for OpenSSL Heartbleed Vulnerability

By | April 10, 2014
On April 7, the OpenSSL project issued a Security Advisory that detailed a serious vulnerability in the encryption software in use by two-thirds of the Internet. This vulnerability (nicknamed “Heartbleed”) could potentially allow attackers to retrieve information from encrypted SSL endpoints, including passwords and other credential information.

Learn more about the “Heartbleed” security threat from this link:

http://gigaom.com/2014/04/08/heres-everything-you-need-to-know-about-the-heartbleed-web-security-flaw/

Zimbra’s security team reacted quickly, issuing a patch for the “Heartbleed” threat within a few hours. The “Heartbleed” patch supports a generation of new SSL certificates and other remedies. We strongly recommend application of the “Heartbleed” patch IMMEDIATELY. After application of the patch, as a precautionary measure, we strongly recommend system-wide password resets.

Get the patch here:

https://www.zimbra.com/forums/announcements/70921-critical-security-advisory-patch-openssl-heartbleed-vulnerability.html

If 3rd party applications have been integrated with the Zimbra platform, we suggest revising the credentials on those applications, then logging out and back into those applications, as a precaution.

If you have any questions, please reach out to Zimbra Support, or reply to this post or other related posts. Zimbra is always happy to help you manage and react to threats and others issues.


Comments

  • Please excuse me, but I’ve been actively searching and have not found whether or not Release 8.0.7_GA_6021.RHEL6_64_20140408123911 has had the patch applied. Could you or someone advise?

    Thank you.

    Commented on April 11, 2014 at 12:47 pm
  • Hi Nick,

    To answer your question – yes, 6021 does include the patch. You can view more information here: https://www.zimbra.com/forums/announcements/71042-zcs-8-0-7-has-been-rebuilt-include-fix-openssl-heartbleed-vulnerability.html

    Thanks!

    Tiffany Henry
    Zimbra

    Commented on April 15, 2014 at 7:39 am
  • Does the need for a patch apply to Zimbra Desktop?

    Commented on April 27, 2014 at 9:11 am

Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>