Zimbra Security Patches: 9.0.0 Patch 24.1 + 8.8.15 Patch 31.1

Zimbra Patch Alert
Hello Zimbra Friends, Customers & Partners,

A new security patch has been released to further address CVE-2022-27924. This issue has been ranked as High by the Zimbra Team and we recommend that you use the most recent release available to avoid any issues.

Zimbra 9.0.0 “Kepler” Patch 24.1

Patch 24.1 has been released as a security patch for Zimbra 9.0.0.
Please refer to the release notes for Zimbra 9.0.0 Patch 24.1 installation on Red Hat and Ubuntu platforms.

Zimbra 8.8.15 “James Prescott Joule” Patch 31.1

Patch 31.1 has been released as a security patch for Zimbra 8.8.15.
Please refer to the release notes for Zimbra 8.8.15 Patch 31.1 installation on Red Hat and Ubuntu platforms.

Note:

  • For Zimbra 8.8.8 and above, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands.
  • You cannot revert to the previous Zimbra release after you upgrade to the patch.

We will continue to provide additional information if any becomes available here and on the Zimbra Security Center.

Thanks,

Your Zimbra Team

5 Responses to Zimbra Security Patches: 9.0.0 Patch 24.1 + 8.8.15 Patch 31.1

  1. Rahul May 31, 2022 at 12:36 AM #

    I am running below on “Ubuntu 16.04.6 LTS” ->

    Release 8.8.12.GA.3794.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.12_P1 proxy.

    How do i upgrade? apt-get update/upgrade doesn’t upgrade to this patch. Which ZCS build do i need download? pls help!

  2. Riaz June 15, 2022 at 4:14 AM #

    Hello,

    we are running on “”CentOS Linux 7 (Core)” and Zimbra on 8.8.15 so do we need to upgrade..? where can we download? need your little support..

    Regards
    Riaz

  3. Cosmin June 16, 2022 at 8:41 AM #

    Hi,

    I have Centos 7 and running with Zimbra 9 Zextras release, when I run yum update I get the following packages, its confusing to wether I should upgrade or not since most of them are not from a zimbra9oss repository. They are older 8815 see this:

    zimbra-apache-components x86_64 2.0.7-1zimbra8.8b1.el7 zimbra-8815-oss 3.6 k
    zimbra-chat x86_64 4.0.2.1654677981-1.r7 zimbra-90-oss 12 M
    zimbra-clamav x86_64 0.103.3-1zimbra8.8b3.el7 zimbra-8815-oss 271 k
    zimbra-clamav-libs x86_64 0.103.3-1zimbra8.8b3.el7 zimbra-8815-oss 2.9 M
    zimbra-core-components x86_64 3.0.12-1zimbra8.8b1.el7 zimbra-90-oss 5.2 k
    zimbra-dnscache-components x86_64 1.0.3-1zimbra8.7b1.el7 zimbra-8815-oss 3.2 k
    zimbra-httpd x86_64 2.4.53-1zimbra8.7b3.el7 zimbra-8815-oss 6.5 M
    zimbra-jetty-distribution x86_64 9.4.46.v20220331-2.r7 zimbra-8815-oss 17 M
    zimbra-ldap-components x86_64 2.0.6-1zimbra8.8b1.el7 zimbra-90-oss 5.1 k
    zimbra-mta-components x86_64 1.0.15-1zimbra8.8b1.el7 zimbra-8815-oss 4.9 k
    zimbra-nginx x86_64 1.20.0-1zimbra8.8b3.el7 zimbra-8815-oss 445 k
    zimbra-openjdk x86_64 17.0.2-1zimbra8.8b1.el7 zimbra-8815-oss 160 M
    zimbra-openssl x86_64 1.1.1n-1zimbra8.7b4.el7 zimbra-8815-oss 2.1 M
    zimbra-openssl-libs x86_64 1.1.1n-1zimbra8.7b4.el7 zimbra-8815-oss 5.1 M
    zimbra-perl-mail-spamassassin x86_64 3.4.6-1zimbra8.8b3.el7 zimbra-8815-oss 835 k
    zimbra-php x86_64 7.4.27-1zimbra8.7b3.el7 zimbra-8815-oss 2.1 M
    zimbra-proxy-components x86_64 1.0.10-1zimbra8.8b1.el7 zimbra-8815-oss 3.9 k
    zimbra-spamassassin-rules x86_64 1.0.0-1zimbra8.8b5.el7 zimbra-8815-oss 271 k
    zimbra-spell-components x86_64 2.0.8-1zimbra8.8b1.el7 zimbra-8815-oss 4.1 k
    zimbra-unbound x86_64 1.11.0-1zimbra8.7b3.el7 zimbra-8815-oss 646 k
    zimbra-unbound-libs x86_64 1.11.0-1zimbra8.7b3.el7 zimbra-8815-oss 1.2 M
    zlib x86_64 1.2.7-20.el7_9 updates 90 k
    Installing for dependencies:
    zimbra-aspell-ca x86_64 2.1.5.1-1zimbra8.8b1.el7 zimbra-8815-oss 1.2 M

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures