So much reading that I'm not sure at this point so best to simply ask. Please don't flame as saying I didn't read because I have but not 100% clear.
I'm running 8.8.11 GA 3799 FOSS, do I need to patch, update, do anything? Is this version secure now?
CVE-2019-9670 being actively exploited (Hacked Server)
Re: CVE-2019-9670 being actively exploited
You can see which vulnerability is fixed or patched in which version on this overview page: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisorieszim_mike wrote:I'm running 8.8.11 GA 3799 FOSS, do I need to patch, update, do anything? Is this version secure now?
I would suggest to update to the latest version in case you're unsure. Keeping the installation updated is generally a good thing in terms of security.
Re: CVE-2019-9670 being actively exploited
Thanks for the lead, I'll take a look. It took a while to get back to this because I didn't get an email about the post .
Doesn't the server or the client let you know when there are updates?
Doesn't the server or the client let you know when there are updates?
-
- Advanced member
- Posts: 173
- Joined: Sat Sep 13, 2014 12:54 am
- Location: Netherlands
- ZCS/ZD Version: Ubuntu 18.04, 8.8.15_P43
- Contact:
Re: CVE-2019-9670 being actively exploited
It doesn't seem to, to my dismayzim_mike wrote:Doesn't the server or the client let you know when there are updates?
- L. Mark Stone
- Ambassador
- Posts: 2802
- Joined: Wed Oct 09, 2013 11:35 am
- Location: Portland, Maine, US
- ZCS/ZD Version: 10.0.7 Network Edition
- Contact:
Re: CVE-2019-9670 being actively exploited
The version check script checks for new versions, so if Synacor released an 8.8.16 version of Zimbra, the version check script would notify you.
Patches are as you know repo-based, and Zimbra has committed to releasing Patches on a monthly schedule.
So apt-get update && apt list —upgradable will let you know if there are any Zimbra and/or operating system updates available.
Plus, 8.8.15 is the only supported version of Zimbra available at the moment.
Hope that helps,
Mark
Patches are as you know repo-based, and Zimbra has committed to releasing Patches on a monthly schedule.
So apt-get update && apt list —upgradable will let you know if there are any Zimbra and/or operating system updates available.
Plus, 8.8.15 is the only supported version of Zimbra available at the moment.
Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
Re: CVE-2019-9670 being actively exploited
Hi
I have a problem to install the patch for this bug. when I use CLI to show my Zimbra version it displays Release 8.5.0_GA_3042.RHEL6_64_20140828192005 RHEL6_64 FOSS edition, Patch 8.5.0_P2. But when I use GUI (About) this display: 8.6.0_GA_1153.FOSS.
Please guide me on how can I solve it and what of them is correct?
Thank you so much.
I have a problem to install the patch for this bug. when I use CLI to show my Zimbra version it displays Release 8.5.0_GA_3042.RHEL6_64_20140828192005 RHEL6_64 FOSS edition, Patch 8.5.0_P2. But when I use GUI (About) this display: 8.6.0_GA_1153.FOSS.
Please guide me on how can I solve it and what of them is correct?
Thank you so much.
-
- Advanced member
- Posts: 173
- Joined: Sat Sep 13, 2014 12:54 am
- Location: Netherlands
- ZCS/ZD Version: Ubuntu 18.04, 8.8.15_P43
- Contact:
Re: CVE-2019-9670 being actively exploited
The first thing I'd try, is to just upgrade to the latest version (8.8.15 Patch-7). You can download it at zimbra.org (although I don't know why they offer that, as opposed to zimbra.com, where you have to fill out a form for the open source edition).
There are some difficulties upgrading from 8.6 to 8.7, see here. Always make a easy to restore backup, before upgrading.
There are some difficulties upgrading from 8.6 to 8.7, see here. Always make a easy to restore backup, before upgrading.
Re: CVE-2019-9670 being actively exploited
L. Mark Stone wrote:The version check script checks for new versions, so if Synacor released an 8.8.16 version of Zimbra, the version check script would notify you.
Patches are as you know repo-based, and Zimbra has committed to releasing Patches on a monthly schedule.
So apt-get update && apt list —upgradable will let you know if there are any Zimbra and/or operating system updates available.
Plus, 8.8.15 is the only supported version of Zimbra available at the moment.
Hope that helps,
Mark
Thank you so much mark.
I use " zmcontrol -v" and display zimbra 8.5.0.
but when i use GUI " about section from the top menu" display 8.6.0.
Why are the two different and which is correct?
best regard
fatemi
Re: CVE-2019-9670 being actively exploited
Whichever version of ZCS it is you should not me using it, i'd suggest you get onto the most recent 8.8.15 ASAP.