Recently an SMTP Smuggling attack on Postfix was published, as mentioned by the Postfix project: Days before a 10+ day holiday break and associated production change freeze, SEC Consult has published an email spoofing attack that involves a composition of email services with specific differences in the way they handle line endings other than <CR><LF>. […]
Tag Archives | security update
Zimbra Security Update CVE-2023-41106
A one-click security vulnerability in all versions of Zimbra Collaboration Suite has been discovered that could allow an unauthenticated attacker to gain access to a Zimbra account. To fix this vulnerability, install the latest Zimbra patch (by using apt or yum); the vulnerability is fixed in: Daffodil 10.0.3, 9.0.0 Kepler Patch 35, 8.8.15 Joule Patch […]
Zimbra not affected by critical OpenSSL issue
The OpenSSL project is releasing a critical fix for OpenSSL version 3.x. Zimbra is using OpenSSL version 1.1.1q which is an older still supported version of OpenSSL. The version in Zimbra is not affected by the fix, which means no patches are needed for Zimbra. You should install operating system security updates and other 3rd […]
Security Update – make sure to install pax/spax
All Zimbra administrators should make sure the pax package is installed on their Zimbra server. Pax is needed by Amavis to extract the contents of compressed attachments for virus scanning. If the pax package is not installed, Amavis falls back to using cpio; unfortunately, the fallback is implemented poorly (by Amavis) and will allow an […]
Authentication Bypass in MailboxImportServlet vulnerability
Zimbra 8.8.15 patch 33 and Zimbra 9.0.0 patch 26 contain an important security update that fixes an authentication bypass in MailboxImportServlet (CVE-2022-37042 and CVE-2022-27925). If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible. […]
OpenSSL July 2015 Update
On July 9, 2015, OpenSSL issued a security update to correct an issue introduced by its June update. Specifically, this issue relates to alternative chains certificate forgery (CVE-2015-1793), i.e. an ability to “cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act […]