Guarding Against XSS: Security Update This Patch Release is for the following editions Daffodil 10.0.4 9.0.0 Kelper Patch 36 8.8.15 Joule Patch 43 This notification is published ahead of the actual release to enable administrators to schedule time to install the patch. The patch has been released on Wednesday (13 Sept). The steps for installing […]
Archive | Security & Privacy
Zimbra Security Update CVE-2023-41106
A one-click security vulnerability in all versions of Zimbra Collaboration Suite has been discovered that could allow an unauthenticated attacker to gain access to a Zimbra account. To fix this vulnerability install the latest Zimbra patch (by using apt or yum), the vulnerability is fixed in: Daffodil 10.0.3 9.0.0 Kepler Patch 35 8.8.15 Joule Patch […]
Review your Zimbra configuration after updating to the latest patch
It has come to our attention that in some cases postconf settings are not retained when updating to the latest patch (9.0.0.P34, 8.8.15.P41, 10.0.2). Make sure to re-apply any customizations, including TLS cipher configurations you had previously configured using the postconf command. In addition, the latest patch also enabled OpenSSL in FIPS mode, more details […]
Patch for Zimbra Daffodil 10.0.2, 9.0.0 Patch-34 & 8.8.15 Patch-41
Security bug fixes and OpenSSL upgrade Zimbra OpenSSL now runs in FIPS-compliant mode by default. This increases security which requires no additional action on your part. However, should you run into issues, you can find steps to disable OpenSSL FIPS in the release notes. This patch upgrades OpenSSL to major version 3.0.x. To safeguard your […]
Security Update for Zimbra Collaboration Suite Version 8.8.15 CVE-2023-37580
An XSS vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced. We take this matter very seriously and have already taken immediate action to address the issue. Important: This vulnerability has been actively exploited, making it imperative to take immediate action. We strongly recommend […]
Sending incoming email with bad headers to Junk
Email is always evolving and recently Gmail has started to reject email with bad headers for some customers. Rejecting email with bad headers may help protect against DKIM replay attacks (more on replay attacks in an upcoming blog). When we are talking about messages with bad headers, we mean messages that are not compliant with […]