The OpenSSL project is releasing a critical fix for OpenSSL version 3.x. Zimbra is using OpenSSL version 1.1.1q which is an older still supported version of OpenSSL. The version in Zimbra is not affected by the fix, which means no patches are needed for Zimbra. You should install operating system security updates and other 3rd […]
Tag Archives | security update
Security Update – make sure to install pax/spax
All Zimbra administrators should make sure the pax package is installed on their Zimbra server. Pax is needed by Amavis to extract the contents of compressed attachments for virus scanning. If the pax package is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is implemented poorly (by Amavis) and will allow an […]
Authentication Bypass in MailboxImportServlet vulnerability
Zimbra 8.8.15 patch 33 and Zimbra 9.0.0 patch 26 contain an important security update that fixes an authentication bypass in MailboxImportServlet (CVE-2022-37042 and CVE-2022-27925). If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible. […]
OpenSSL July 2015 Update
On July 9, 2015, OpenSSL issued a security update to correct an issue opened by its June update. Specifically, this issue relates to alternative chains certificate forgery (CVE-2015-1793), i.e. an ability to “cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act […]