Important Read – Critical Security Advisory & Patch for OpenSSL Heartbleed Vulnerability

On April 7, the OpenSSL project issued a Security Advisory that detailed a serious vulnerability in the encryption software in use by two-thirds of the Internet. This vulnerability (nicknamed “Heartbleed”) could potentially allow attackers to retrieve information from encrypted SSL endpoints, including passwords and other credential information.

Learn more about the “Heartbleed” security threat from this link:

http://gigaom.com/2014/04/08/heres-everything-you-need-to-know-about-the-heartbleed-web-security-flaw/

Zimbra’s security team reacted quickly, issuing a patch for the “Heartbleed” threat within a few hours. The “Heartbleed” patch supports the generation of new SSL certificates and other remedies. We strongly recommend applying the “Heartbleed” patch IMMEDIATELY. After applying the patch, we strongly recommend system-wide password resets as a precautionary measure.

Get the patch here:

https://www.zimbra.com/forums/announcements/70921-critical-security-advisory-patch-openssl-heartbleed-vulnerability.html

If third-party applications have been integrated with the Zimbra platform, we suggest revising the credentials on those applications, then logging out and back into those applications, as a precaution.

If you have any questions, please reach out to Zimbra Support, or reply to this post or other related posts. Zimbra is always happy to help you manage and react to threats and other issues.

4 Responses to Important Read – Critical Security Advisory & Patch for OpenSSL Heartbleed Vulnerability

  1. Nick April 11, 2014 at 12:47 PM

    Please excuse me, but I’ve been actively searching and have not found whether or not Release 8.0.7_GA_6021.RHEL6_64_20140408123911 has had the patch applied. Could you or someone advise?

    Thank you.

  2. Tiffany Henry April 15, 2014 at 7:39 AM

    Hi Nick,

    To answer your question – yes, 6021 does include the patch. You can view more information here: https://www.zimbra.com/forums/announcements/71042-zcs-8-0-7-has-been-rebuilt-include-fix-openssl-heartbleed-vulnerability.html

    Thanks!

    Tiffany Henry
    Zimbra

  3. Ron White April 27, 2014 at 9:11 AM

    Does the need for a patch apply to Zimbra Desktop?

Trackbacks/Pingbacks

  1. Heartbleed Bug - Security Hole in Open SSL Causes a Stir - April 11, 2014

    […] For Zimbra customers, we updated the Heartbeat Batch immediately after release – Critical Security Advisory & Patch for OpenSSL Heartbleed Vulnerability […]