8.8.8 P3, 8.7.11 P3 and 8.6 P10

Official Zimbra news, events, releases, and updates.
Post Reply
Klug
Ambassador
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them
Contact:

8.8.8 P3, 8.7.11 P3 and 8.6 P10

Post by Klug »

Hello everybody.

It looks like it was not announced on the forum 8-/

Zimbra released three patches on May 10, for all three supported ZCS versions.

Zimbra Collaboration 8.8.8 Patch 3
Patch 3 has been issued for 8.8.8 GA release that includes fixes as listed in the release notes.

Fixed Issues (Bugzilla query)
[bug]108948[/bug] Admin console shows chat service as “Stopped” and if admin starts the service, chat becomes unusable
[bug]108506[/bug] Different date shown for Recurring Appointment Instance

Patch Installation
For 8.8.8 Patches, you don’t need to download any patch builds. 8.8.8 Patch packages can be installed by using Linux package management commands.
Please refer to the release notes for 8.8.8 Patch 3 installation on Redhat and Ubuntu platforms.

8.8.8 Patch 3 (zimbra-patch) checks if your system is Network Edition and if so adds a new Network Edition-only package repository. As a result, after 8.8.8 Patch 3 installation is completed, Network Edition customers will need to run another package update/upgrade process to obtain the updated Network Edition-only packages available from newly added package repository.

Note: This patch should be installed only on all mailbox nodes running in your environment.

Zimbra Collaboration 8.7.11 Patch 3
Patch 3 has been issued for 8.7.11 GA release that includes fixes as listed in the release notes.

Fixed Issues (Bugzilla query)
[bug]108452[/bug] EWS: Cannot create a basic meeting/appointment from Calendar app
[bug]108777[/bug] Calendar read only on MacOS High Sierra with Exchange Account
[bug]108964[/bug] error during tgz import results in endless loop and memory leak

Security Fixes
Bug# Summary CVE-ID CVSS Score Zimbra Rating
[bug]108962[/bug] Account Enumeration [CWE-203] CVE-2018-10949 5.0 Major
[bug]108963[/bug] Verbose Error Messages [CWE-209] CVE-2018-10950 3.6 Minor
[bug]107948[/bug] Persistent XSS – mail addrs [CWE-79] CVE-2018-10948 3.5 Minor
[bug]108894[/bug] Redact Admin SOAP API zimbraSSLPrivateKey access [CWE-199] CVE-2018-10951 3.6 Minor

Patch Installation
Download the patch for Network Edition and Open Source Edition.
Please refer to the release notes for 8.7.11 Patch 3 installation.
Note: This patch should be installed only on all mailbox nodes running in your environment.

Zimbra Collaboration 8.6.0 Patch 10
Patch 10 has been issued for 8.6.0 GA release that includes fixes as listed in the release notes.

Security Fixes
Bug# Summary CVE-ID CVSS Score Zimbra Rating
[bug]107948[/bug] Persistent XSS – mail addrs [CWE-79] CVE-2018-10948 3.5 Minor
[bug]106811[/bug] Limited XXE [CWE-611] CVE-2016-9924 4.3 Minor
[bug]108786[/bug] Persistent XSS – content-location [CWE-79] CVE-2018-6882 4.3 Minor
[bug]97579[/bug] login CSRF protection: ZWC login form does not use a csrf token [CWE-352] CVE-2015-7610 5.8 Major
[bug]108894[/bug] Redact Admin SOAP API zimbraSSLPrivateKey access [CWE-199] CVE-2018-10951 3.6 Minor

Patch Installation
Download the patch for Network Edition and Open Source Edition.
Please refer to the release notes for 8.6.0 Patch 10 installation.
Note: This patch should be installed on all nodes running in your environment.
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: 8.8.8 P3, 8.7.11 P3 and 8.6 P10

Post by DualBoot »

Hi Klug,

it was announced on the Zimbra Blog, nobody has relayed it to the forum apparently.

Regards,
Post Reply