Zimbra Collaboration 8.8.8 Patch 3
Patch 3 has been issued for 8.8.8 GA release that includes fixes as listed in the release notes.
Fixed Issues (Bugzilla query) |
|
|---|---|
| 108948 | Admin console shows chat service as “Stopped” and if admin starts the service, chat becomes unusable |
| 108506 | Different date shown for Recurring Appointment Instance |
Patch Installation
For 8.8.8 Patches, you don’t need to download any patch builds. 8.8.8 Patch packages can be installed by using Linux package management commands.
Please refer to the release notes for 8.8.8 Patch 3 installation on Redhat and Ubuntu platforms.
8.8.8 Patch 3 Change: Please Read!
8.8.8 Patch 3 (zimbra-patch) checks if your system is Network Edition and if so adds a new Network Edition-only package repository. As a result, after 8.8.8 Patch 3 installation is completed, Network Edition customers will need to run another package update/upgrade process to obtain the updated Network Edition-only packages available from newly added package repository.
Note: This patch should be installed only on all mailbox nodes running in your environment.
Zimbra Collaboration 8.7.11 Patch 3
Patch 3 has been issued for 8.7.11 GA release that includes fixes as listed in the release notes.
Fixed Issues (Bugzilla query) |
|
|---|---|
| 108452 | EWS: Cannot create a basic meeting/appointment from Calendar app |
| 108777 | Calendar read only on MacOS High Sierra with Exchange Account |
| 108964 | error during tgz import results in endless loop and memory leak |
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version |
|---|---|---|---|---|---|
| 108962 | Account Enumeration [CWE-203] | CVE-2018-10949 | 5.0 | Major | 8.7.11 Patch 3 |
| 108963 | Verbose Error Messages [CWE-209] | CVE-2018-10950 | 3.6 | Minor | 8.7.11 Patch 3 |
| 107948 | Persistent XSS – mail addrs [CWE-79] | CVE-2018-10948 | 3.5 | Minor | 8.7.11 Patch 3 |
| 108894 | Redact Admin SOAP API zimbraSSLPrivateKey access [CWE-199] | CVE-2018-10951 | 3.6 | Minor | 8.7.11 Patch 3 |
Patch Installation
Download the patch for Network Edition and Open Source Edition.
Please refer to the release notes for 8.7.11 Patch 3 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.
Zimbra Collaboration 8.6.0 Patch 10
Patch 10 has been issued for 8.6.0 GA release that includes fixes as listed in the release notes.
Security Fixes
Information about security fixes, security response policy and vulnerability rating classification are listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information below for details.
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version |
|---|---|---|---|---|---|
| 107948 | Persistent XSS – mail addrs [CWE-79] | CVE-2018-10948 | 3.5 | Minor | 8.6.0 Patch 10 |
| 106811 | Limited XXE [CWE-611] | CVE-2016-9924 | 4.3 | Minor | 8.6.0 Patch 10 |
| 108786 | Persistent XSS – content-location [CWE-79] | CVE-2018-6882 | 4.3 | Minor | 8.6.0 Patch 10 |
| 97579 | login CSRF protection: ZWC login form does not use a csrf token [CWE-352] | CVE-2015-7610 | 5.8 | Major | 8.6.0 Patch 10 |
| 108894 | Redact Admin SOAP API zimbraSSLPrivateKey access [CWE-199] | CVE-2018-10951 | 3.6 | Minor | 8.6.0 Patch 10 |
Patch Installation
Download the patch for Network Edition and Open Source Edition.
Please refer to the release notes for 8.6.0 Patch 10 installation.
Note: This patch should be installed on all nodes running in your environment.
Comments are closed.