Zimbra Patches: 9.0.0 Patch 16 + 8.8.15 Patch 23

Zimbra Patch Alert

Hello Zimbra Friends, Customers & Partners,

Zimbra 9.0.0 “Kepler” Patch 16 and 8.8.15 “James Prescott Joule” Patch 23 are here.

Announcing Zimbra Video Server GA

The Zimbra Video Server is a WebRTC stream aggregator that improves Zimbra Connect’s Team performance by merging and decoding/re-encoding all streams in a meeting. Refer to the admin guide for instructions on installing the Video Server.

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
Open Redirect Vulnerability in preauth servlet. CVE-2021-34807 6.1 Medium 9.0.0 P16
8.8.15 P23
Proxy Servlet Open Redirect Vulnerability. CVE-2021-35209 6.1 Medium 9.0.0 P16
8.8.15 P23
Stored XSS Vulnerability in ZmMailMsgView.java. CVE-2021-35208 5.4 Medium 9.0.0 P16
8.8.15 P23
Vulnerability Scanner detects Cross Site Scripting Vulnerability. CVE-2021-35207 6.1 Medium 9.0.0 P16
8.8.15 P23

Zimbra 9.0.0 “Kepler” Patch 16

Patch 16 is here for the Zimbra 9.0.0 “Kepler” GA release, and it includes Security Fixes, What’s New, Fixed Issues and Known Issues as listed in the release notes.

Please refer to the release notes for Zimbra 9.0.0 Patch 16 installation on Red Hat and Ubuntu platforms.

Zimbra 8.8.15 “James Prescott Joule” Patch 23

Patch 23 is here for the Zimbra 8.8.15 “James Prescott Joule” GA release, and it includes Security Fixes, What’s New, Fixed Issues and Known Issues as listed in the release notes.

Please refer to the release notes for Zimbra 8.8.15 Patch 23 installation on Red Hat and Ubuntu platforms.

For Zimbra 8.8.8 and above, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands. Please refer to the respective release notes for patch installation on Red Hat and Ubuntu platforms.

Note: Installing a zimbra-patch package only updates the Zimbra core packages.

Take care and thanks,
Your Zimbra Team

2 Responses to Zimbra Patches: 9.0.0 Patch 16 + 8.8.15 Patch 23

  1. Martin Wiertz July 5, 2021 at 6:50 PM #

    Hi,

    I can’t install the patch as described. V9 patch 16. Automatically of manuaal install cannot find the patch.

    • Gayle Billat July 13, 2021 at 8:32 PM #

      Hi Martin – all patch downloads are available here:
      Thanks!

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures