Navigation

Zimbra Patches: 8.8.11 Patch 1 + 8.8.10 Patch 5 + 8.8.9 Patch 9

By on January 4, 2019 in Product News, Product Updates, Zimbra Server

Hello Zimbra Friends, Customers & Partners,

We have three new patches to announce:

  • Zimbra 8.8.11 “Homi Bhabha” Patch 1
  • Zimbra 8.8.10 “Konrad Zuse” Patch 5
  • Zimbra 8.8.9 “Curie” Patch 9

For 8.8.8 and above Zimbra Patches, you don’t need to download any patch builds. The Patch packages can be installed using Linux package management commands. Installing the zimbra-patch package only updates the Zimbra core packages.

Zimbra 8.8.11 “Homi Bhabha” Patch 1

Patch 1 is here for the Zimbra 8.8.11 “Homi Bhabha” GA release, and it includes fixes as listed in the release notes.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
109093 XXE – Chat [CWE-611] CVE-2018-20160 6.4 Major 8.8.11 Patch 1

Fixed Issues
ZCO Fixes:

  • Introduced new functionality in logging > “Report Issue”
  • Logging: Warning displayed if windows update service is disabled

Patch Installation

Please refer to the release notes for Zimbra 8.8.11 Patch 1 installation on Redhat and Ubuntu platforms.

Zimbra 8.8.10 “Konrad Zuse” Patch 5

Patch 5 is here for the Zimbra 8.8.10 “Konrad Zuse” GA release, and it includes fixes as listed in the release notes.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
109093 XXE – Chat [CWE-611] CVE-2018-20160 6.4 Major 8.8.10 Patch 5
109017 Non-persistent XSS – Web Client (HTML Search) [CWE-79] CVE-2018-14013 4.3 Minor 8.8.10 Patch 5

Patch Installation

Please refer to the release notes for 8.8.10 Patch 5 installation.

Zimbra 8.8.9 “Curie” Patch 9

Patch 9 is here for the Zimbra 8.8.9 “Curie” GA release, and it includes fixes as listed in the release notes.

Security Fixes

Information about security fixes, security response policy and vulnerability rating classification is listed below. See the Zimbra Security Response Policy and the Zimbra Vulnerability Rating Classification information for details.

Bug# Summary CVE-ID CVSS Score Zimbra Rating Fix Release or Patch Version
109093 XXE – Chat [CWE-611] CVE-2018-20160 6.4 Major 8.8.9 Patch 9
109017 Non-persistent XSS – Web Client (HTML Search) [CWE-79] CVE-2018-14013 4.3 Minor 8.8.9 Patch 9

Patch Installation

Please refer to the release notes for 8.8.9 Patch 9 installation.

Thank you,

Your Zimbra Team

Comments are closed.

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures