These updates address the OpenSSL security advisory dated October 15 and provide a partial fix for POODLE. The fix is partial because a complete one requires changes on both the client and the server.
Zimbra Collaboration 8.0.9 and 8.5.1 update the OpenSSL libraries for nginx, OpenLDAP and Postfix to OpenSSL 1.0.1j. Mailboxd doesn’t use OpenSSL, but Zimbra Collaboration 8.6 (coming soon) should fix the issue(s).
These updates provide only a partial fix to POODLE, as TLS_FALLBACK_SCSV must be implemented on both the server and client sides. Keep in mind that older clients that don’t support TLS_FALLBACK_SCSV may still allow protocol downgrades to the insecure SSLv3 protocol.
Please refer to Zimbra’s wiki for guidance on disabling SSLv3, which was updated to include instructions for Zimbra Collaboration 7.x.y. Disabling SSLv3 should be performed as a precautionary measure regardless of software version.
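The following added example (not Zimbra or OpenSSL code) models the server-side TLS_FALLBACK_SCSV check from RFC 7507 to show why the fix is partial and why disabling SSLv3 still matters. The helper names, the sample cipher suite 0x002F and the ClientHello bytes are constructed for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600         # signalling cipher suite value from RFC 7507
ALERT_INAPPROPRIATE_FALLBACK = 86  # alert defined by RFC 7507
ALERT_PROTOCOL_VERSION = 70        # no mutually supported protocol version
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)

def build_client_hello(version, suites):
    """Constructed sample input: a minimal ClientHello handshake message."""
    body = bytes(version) + bytes(32) + b"\x00"  # version, random, empty session_id
    body += struct.pack(">H", 2 * len(suites))
    body += b"".join(struct.pack(">H", s) for s in suites)
    body += b"\x01\x00"                          # one compression method: null
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_client_hello(msg):
    """Return (client_version, cipher_suites) from a ClientHello handshake message."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length or length < 35:
        raise ValueError("truncated ClientHello")
    pos = 35 + body[34]                          # skip version, random, session_id
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (cs_len,) = struct.unpack_from(">H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("bad cipher suite list")
    suites = [struct.unpack_from(">H", body, i)[0] for i in range(pos, pos + cs_len, 2)]
    return (body[0], body[1]), suites

def server_decision(msg, enabled_versions):
    """Hypothetical helper: how a server answers this ClientHello."""
    version, suites = parse_client_hello(msg)
    if TLS_FALLBACK_SCSV in suites and version < max(enabled_versions):
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)  # retry was a downgrade
    usable = [v for v in enabled_versions if v <= version]
    if not usable:
        return ("alert", ALERT_PROTOCOL_VERSION)
    return ("negotiate", max(usable))

if __name__ == "__main__":
    legacy, hardened = [SSL3, TLS10, TLS11, TLS12], [TLS10, TLS11, TLS12]
    old_client = build_client_hello(SSL3, [0x002F])          # no SCSV support
    new_client = build_client_hello(SSL3, [0x002F, 0x5600])  # fallback retry with SCSV
    for name, hello in (("old client", old_client), ("new client", new_client)):
        for label, versions in (("SSLv3 on", legacy), ("SSLv3 off", hardened)):
            print(name, "|", label, "|", server_decision(hello, versions))
```

The only combination that ends in an SSLv3 session is the client without TLS_FALLBACK_SCSV talking to a server that still has SSLv3 enabled, which is the gap that disabling SSLv3 closes.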
Time Zone Changes
Recently, the Russian Federation passed legislation to make permanent changes to all Russian time zones. This created 11 time zones across Russia, which will be numbered in the UTC standard. The product updates provide support for the time zone changes.
Please download and install the latest versions of Zimbra Collaboration as soon as possible. Visit: zimbra.com/downloads/zimbra-collaboration