Zimbra Collaboration 8.7.11 Patch 1 Available, Includes Security Fixes

A patch has been issued for 8.7.11 GA release that includes security fixes as listed in the release notes.

Download the Patch

Please do a full backup or snapshot before installing this patch. You can download the patch, MD5 and SHA 256 files here:

Please read the release notes here.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification are listed below. See Zimbra Security Response Policy and Zimbra Vulnerability Rating Classification information below for details.

 

Bug# Summary CVE-ID CVSS
Score
Zimbra
Rating
108265 Persistent XSS CWE-79 CVE-2017-17703 4.3 Minor
107925 Persistent XSS CWE-79 CVE-2017-8802 3.5 Minor
108786 Persistent XSS CWE-79 CVE-2018-6882 4.3 Minor

Before installing the patch, consider the following:

  • Zimbra Collaboration patches can be found at https://www.zimbra.com/downloads/zimbra-collaboration.
  • Patches are delivered as a TGZ file and are cumulative.
  • A full backup should be performed before any patch is applied. There is no automated roll-back mechanism.
  • Zimlet patches can include removing existing Zimlets and redeploying the patched Zimlet.
  • Only files or Zimlets associated with installed packages will be installed from the patch.
  • Switch to user zimbra before using ZCS CLI commands.

 

2 Responses to Zimbra Collaboration 8.7.11 Patch 1 Available, Includes Security Fixes

  1. javier March 21, 2018 at 2:33 PM #

    como puedo obtener una ayuda para un inconveniente con el correo en el movil

    • Gayle Billat March 27, 2018 at 4:01 PM #

      Hi Javier – please contact your email service provider or your Zimbra administrator. Thanks.

Leave a Reply