
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN247
_____________________________________________________________________

DATE                : 06/05/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Zimbra versions prior to 9.0.0 P2.

=====================================================================
https://blog.zimbra.com/2020/05/new-zimbra-9-kepler-patch-2/
_____________________________________________________________________

NEW Zimbra 9.0.0 “Kepler” Patch 2

By Urvi Mehta on May 4, 2020 in Product News, Product Updates, Zimbra
Server


Hello Zimbra Friends, Customers & Partners,

Patch 2 is here for the Zimbra 9.0.0 “Kepler” GA release, and it
includes Security Fixes, What’s New, Fixed Issues and Known Issues
as listed in the release notes.


Security Fixes

Summary           : XSS through malicious JS embedded in Mail Message or
                    Calendar Event
CVE-ID            : CVE-2020-11737
CVSS Score        : 3.1
Zimbra Rating     : Minor
Fix Patch Version : 9.0.0 P2


Patch Installation

For Zimbra 9.0.0 patches, you don’t need to download any patch builds.
The patch packages can be installed using Linux package management
commands. Please refer to the release notes for Zimbra 9.0.0 Patch 2
installation on Red Hat and Ubuntu platforms.

Note: Installing a zimbra-patch package only updates the Zimbra core
packages.


Many thanks,
Your Zimbra Team


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================




