Important Read – Critical Security Advisory & Patch for OpenSSL Heartbleed Vulnerability

On April 7, the OpenSSL project issued a Security Advisory that detailed a serious vulnerability in the encryption software in use by two-thirds of the Internet. This vulnerability (nicknamed “Heartbleed”) could potentially allow attackers to retrieve information from encrypted SSL endpoints, including passwords and other credential information.

Learn more about the “Heartbleed” security threat from this link:

http://gigaom.com/2014/04/08/heres-everything-you-need-to-know-about-the-heartbleed-web-security-flaw/

Zimbra’s security team reacted quickly, issuing a patch for the “Heartbleed” threat within a few hours. The “Heartbleed” patch supports the generation of new SSL certificates and other remedies. We strongly recommend applying the “Heartbleed” patch IMMEDIATELY. After applying the patch, as a precautionary measure, we strongly recommend system-wide password resets.

Get the patch here:

https://www.zimbra.com/forums/announcements/70921-critical-security-advisory-patch-openssl-heartbleed-vulnerability.html

If third-party applications have been integrated with the Zimbra platform, we suggest revising the credentials on those applications, then logging out and back into those applications, as a precaution.

If you have any questions, please reach out to Zimbra Support, or reply to this post or other related posts. Zimbra is always happy to help you manage and react to threats and other issues.

4 Responses to Important Read – Critical Security Advisory & Patch for OpenSSL Heartbleed Vulnerability

  1. Nick April 11, 2014 at 12:47 PM #

    Please excuse me, but I’ve been actively searching and have not found whether or not Release 8.0.7_GA_6021.RHEL6_64_20140408123911 has had the patch applied. Could you or someone advise?

    Thank you.

  2. Tiffany Henry April 15, 2014 at 7:39 AM #

    Hi Nick,

    To answer your question – yes, 6021 does include the patch. You can view more information here: https://www.zimbra.com/forums/announcements/71042-zcs-8-0-7-has-been-rebuilt-include-fix-openssl-heartbleed-vulnerability.html

    Thanks!

    Tiffany Henry
    Zimbra

  3. Ron White April 27, 2014 at 9:11 AM #

    Does the need for a patch apply to Zimbra Desktop?
