====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN239
_____________________________________________________________________

DATE                : 27/04/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Zimbra versions prior to
                          9.0.0 Patch 14, 8.8.15 Patch 21.

=====================================================================
https://blog.zimbra.com/2021/04/new-zimbra-patches-9-0-0-patch-14-and-8-8-15-patch-21/
_____________________________________________________________________


NEW Zimbra Patches: 9.0.0 Patch 14 + 8.8.15 Patch 21
By Urvi Mehta on April 26, 2021 in Product News, Product Updates, Zimbra
Server


Hello Zimbra Friends, Customers & Partners,


Zimbra 9.0.0 “Kepler” Patch 14 and 8.8.15 “James Prescott Joule” Patch
21 are here.

For Zimbra 8.8.8 and above, you don’t need to download any patch builds.
The patch packages can be installed using Linux package management
commands. Please refer to the respective release notes for patch
installation on Red Hat and Ubuntu platforms.

Note: Installing a zimbra-patch package only updates the Zimbra core
packages.


Security Fixes

Summary    CVE-ID    CVSS Score    Zimbra Rating     Fix Patch Version

Upgraded ClamAV to 102.4 to avoid multiple vulnerabilities.
CVE-2020-3327  CVE-2020-3341 	7.5 	High 	9.0.0 P14
8.8.15 P21

An OpenSSL TLS server may crash if sent a maliciously crafted
renegotiation ClientHello message from a client. 	CVE-2021-3449 	5.9
Medium 	9.0.0 P14  8.8.15 P21


Zimbra 9.0.0 “Kepler” Patch 14

Patch 14 is here for the Zimbra 9.0.0 “Kepler” GA release, and it
includes Security Fixes, What’s New, Fixed Issues and Known Issues as
listed in the release notes.

Please refer to the release notes for Zimbra 9.0.0 Patch 14 installation
on Red Hat and Ubuntu platforms.


Zimbra 8.8.15 “James Prescott Joule” Patch 21

Patch 21 is here for the Zimbra 8.8.15 “James Prescott Joule” GA
release, and it includes Security Fixes, What’s New, Fixed Issues 
and
Known Issues as listed in the release notes.


Please refer to the release notes for Zimbra 8.8.15 Patch 21
installation on Red Hat and Ubuntu platforms.

Take care and thanks,
Your Zimbra Team


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================