Daffodil Migration Patch: Assist Users in Moving to Daffodil This patch has newly added functions that will aid in the upgrade/migration process to Daffodil. To safeguard your system, we recommend you always upgrade to the latest patch and regularly refer to our blog and the Zimbra Security Center for steps to ensure your system is safe. Patch Release […]
Archive | Security & Privacy
Zimbra not affected by NGINX CVE-2023-44487
Recently a number of partners have asked if Zimbra is affected by NGINX CVE-2023-44487. When we take a look at the NGINX blog post on CVE-2023-44487 it mentions the following: …it is essential that the following updates are made to NGINX configuration files, minimizing the server’s attack surface: keepalive_requests should be kept at the default […]
What are the benefits of using Zimbra OpenSSL in FIPS mode?
If you installed or upgraded to Zimbra version 9.0.0.P34, 8.8.15.P41, 10.0.2 or higher, Zimbra will use OpenSSL 3.0.x and FIPS compliance for OpenSSL will be enabled by default. To check if your Zimbra OpenSSL is using FIPS you can run the following command, that should fail with Error setting digest: /opt/zimbra/common/bin/openssl md5 /dev/null There are […]
Patch for Zimbra Daffodil 10.0.4, 9.0.0 Patch-36 & 8.8.15 Patch-43
Guarding Against XSS: Security Update This Patch Release is for the following editions Daffodil 10.0.4 9.0.0 Kelper Patch 36 8.8.15 Joule Patch 43 This notification is published ahead of the actual release to enable administrators to schedule time to install the patch. The patch has been released on Wednesday (13 Sept). The steps for installing […]
Zimbra Security Update CVE-2023-41106
A one-click security vulnerability in all versions of Zimbra Collaboration Suite has been discovered that could allow an unauthenticated attacker to gain access to a Zimbra account. To fix this vulnerability install the latest Zimbra patch (by using apt or yum), the vulnerability is fixed in: Daffodil 10.0.3 9.0.0 Kepler Patch 35 8.8.15 Joule Patch […]
Review your Zimbra configuration after updating to the latest patch
It has come to our attention that in some cases postconf settings are not retained when updating to the latest patch (9.0.0.P34, 8.8.15.P41, 10.0.2). Make sure to re-apply any customizations, including TLS cipher configurations you had previously configured using the postconf command. In addition, the latest patch also enabled OpenSSL in FIPS mode, more details […]