Zimbra Patches: 9.0.0 Patch 13 + 8.8.15 Patch 20

Hello Zimbra Friends, Customers & Partners,

Zimbra 9.0.0 “Kepler” Patch 13 and 8.8.15 “James Prescott Joule” Patch 20 are here.

For Zimbra 8.8.8 and above, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands. Please refer to the respective release notes for patch installation on Red Hat and Ubuntu platforms.

Note: Installing a zimbra-patch package only updates the Zimbra core packages.

Security Fixes

| Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Patch Version |
|---|---|---|---|---|
| Heap-based buffer overflow vulnerabilities in PHP < 7.3.10 | CVE-2019-9641, CVE-2019-9640 | 9.8 | Critical | 9.0.0 P13, 8.8.15 P20 |
| Upgraded Apache to 2.4.46 to avoid multiple vulnerabilities. | CVE-2019-0211, CVE-2019-0217 | 7.8 | High | 9.0.0 P13, 8.8.15 P20 |

Announcing GA

The following packages are now GA:

  • OpenSSL 1.1.1h support for TLS 1.3
  • OpenSSL 1.1.1h with FIPS module support
  • Postfix 3.5.6 support for TLSv1.3
  • Nginx 1.19.0 support for TLSv1.3

Zimbra 9.0.0 “Kepler” Patch 13

Patch 13 is here for the Zimbra 9.0.0 “Kepler” GA release, and it includes Security Fixes, What’s New, Fixed Issues and Known Issues as listed in the release notes.
Please refer to the release notes for Zimbra 9.0.0 Patch 13 installation on Red Hat and Ubuntu platforms.

Zimbra 8.8.15 “James Prescott Joule” Patch 20

Patch 20 is here for the Zimbra 8.8.15 “James Prescott Joule” GA release, and it includes Security Fixes, What’s New, Fixed Issues and Known Issues as listed in the release notes.
Please refer to the release notes for Zimbra 8.8.15 Patch 20 installation on Red Hat and Ubuntu platforms.

Take care and thanks,
Your Zimbra Team

2 Responses to Zimbra Patches: 9.0.0 Patch 13 + 8.8.15 Patch 20

  1. Eugenio April 1, 2021 at 9:50 PM #

    Hi, I had the following message after updating to patch 20 on CentOS 7.9: “WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by org.python.google.common.base.internal.Finalizer (file:/opt/zimbra/lib/jars/jython-standalone-2.5.2.jar) to field java.lang.Thread.inheritableThreadLocals
    WARNING: Please consider reporting this to the maintainers of org.python.google.common.base.internal.Finalizer
    WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future release
    stty: standard input: Inappropriate ioctl for device”

    Please, any idea?
    Thank you

    • Gayle Billat April 13, 2021 at 7:38 PM #

      Hello Eugenio – Please ask this question in forums.zimbra.com or open a case with Zimbra Support. Thanks!
