
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN642
_____________________________________________________________________

DATE                : 25/11/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Zimbra versions prior to 9.0.0
                     Patch 9 and 8.8.15 Patch 16.

=====================================================================
https://blog.zimbra.com/2020/11/new-zimbra-patches-9-0-0-patch-9-and-8-8-15-patch-16/
_____________________________________________________________________


NEW Zimbra Patches: 9.0.0 Patch 9 + 8.8.15 Patch 16
By Urvi Mehta on November 24, 2020 in Product News, Product Updates,
Zimbra Server


Hello Zimbra Friends, Customers & Partners,

Zimbra 9.0.0 “Kepler” Patch 9 and 8.8.15 “James Prescott Joule” Patch 16
are here.

For Zimbra 8.8.8 and above, you don’t need to download any patch builds.
The patch packages can be installed using Linux package management
commands. Please refer to the respective release notes for patch
installation on Red Hat and Ubuntu platforms.

Note: Installing a zimbra-patch package only updates the Zimbra core
packages.

Zimbra 9.0.0 “Kepler” Patch 9

Patch 9 is here for the Zimbra 9.0.0 “Kepler” GA release, and it
includes Security Fixes, What’s New, Fixed Issues and Known Issues as
listed in the release notes.

Security Fixes

Summary             : Third party vulnerabilities in JQuery 3.4.1
CVE-ID              : CVE-2020-11022, CVE-2020-11023
CVSS Score          : 6.5
Zimbra Rating       : Medium
Fix Patch Version   : 9.0.0 P9

As of Patch-9, Zimbra has moved all the charts on the Administration
Console from Flash-based technologies to pure JavaScript based ones.
This was done as support for Flash is being sunsetted. All the charts
should seamlessly work as before while not needing the Flash Player.

Patch Installation

Please refer to the release notes for Zimbra 9.0.0 Patch 9 installation
on Red Hat and Ubuntu platforms.

Zimbra 8.8.15 “James Prescott Joule” Patch 16

Patch 16 is here for the Zimbra 8.8.15 “James Prescott Joule” GA
release, and it includes Security Fixes, What’s New, Fixed Issues and
Known Issues as listed in the release notes.

Security Fixes

Summary             : Third party vulnerabilities in JQuery 3.4.1
CVE-ID              : CVE-2020-11022, CVE-2020-11023
CVSS Score          : 6.5
Zimbra Rating       : Medium
Fix Patch Version   : 8.8.15 P16

As of Patch-16, Zimbra has moved all the charts on the Administration
Console from Flash-based technologies to pure JavaScript based ones.
This was done as support for Flash is being sunsetted. All the charts
should seamlessly work as before while not needing the Flash Player.

Patch Installation

Please refer to the release notes for Zimbra 8.8.15 Patch 16
installation on Red Hat and Ubuntu platforms.


Take care and thanks,
Your Zimbra Team

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


