Page 1 of 1

Critical vulnerabilities in all BES installations prior BES 5.0.4 MR2

Posted: Mon Feb 18, 2013 7:51 am
by aiko
Please update to BES 5.0.4 MR2 as soon as this bug is fixed:

https://bugzilla.zimbra.com/show_bug.cgi?id=78414

(Summary: "Official support for BES 5.0.4")
There are also some workarounds mentioned. They look like doing a snapshot before is a good idea. :)
Please, have a look at those pages for more details:

BlackBerry Enterprise Server vulnerable to dangerous TIFFs - The H Security: News and Features

KB33425-BSRT-2013-003 Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution
Kind regards and happy patching,

Aiko