
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN342
_____________________________________________________________________

DATE                : 01/07/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Zimbra versions prior to 9.0.0 P16,
                     8.8.15 P23.

=====================================================================
https://blog.zimbra.com/2021/06/new-zimbra-patches-9-0-0-patch-16-and-8-8-15-patch-23/
_____________________________________________________________________


NEW Zimbra Patches: 9.0.0 Patch 16 + 8.8.15 Patch 23
By Urvi Mehta on June 28, 2021 in Product News, Product Updates, Zimbra
Server


Zimbra Patch Alert


Hello Zimbra Friends, Customers & Partners,
Zimbra 9.0.0 “Kepler” Patch 16 and 8.8.15 “James Prescott Joule” Patch
23 are here.


Announcing Zimbra Video Server GA


The Zimbra Video Server is a WebRTC stream aggregator that improves
Zimbra Connect’s Team performance by merging and decoding/re-encoding
all streams in a meeting. Refer to the admin guide for instructions on
installing the Video Server.


Security Fixes

Summary                                                            CVE-ID          CVSS Score    Zimbra Rating  Fix Patch Version
Open Redirect Vulnerability in preauth servlet.                    CVE-2021-34807  Under Review  Under Review   9.0.0 P16, 8.8.15 P23
Proxy Servlet Open Redirect Vulnerability.                         CVE-2021-35209  Under Review  Under Review   9.0.0 P16, 8.8.15 P23
Stored XSS Vulnerability in ZmMailMsgView.java.                    CVE-2021-35208  Under Review  Under Review   9.0.0 P16, 8.8.15 P23
Vulnerability Scanner detects Cross Site Scripting Vulnerability.  CVE-2021-35207  Under Review  Under Review   9.0.0 P16, 8.8.15 P23


Zimbra 9.0.0 “Kepler” Patch 16

Patch 16 is here for the Zimbra 9.0.0 “Kepler” GA release, and it
includes Security Fixes, What’s New, Fixed Issues and Known Issues as
listed in the release notes.

Please refer to the release notes for Zimbra 9.0.0 Patch 16 installation
on Red Hat and Ubuntu platforms.


Zimbra 8.8.15 “James Prescott Joule” Patch 23

Patch 23 is here for the Zimbra 8.8.15 “James Prescott Joule” GA
release, and it includes Security Fixes, What’s New, Fixed Issues and
Known Issues as listed in the release notes.

Please refer to the release notes for Zimbra 8.8.15 Patch 23
installation on Red Hat and Ubuntu platforms.

For Zimbra 8.8.8 and above, you don’t need to download any patch builds.
The patch packages can be installed using Linux package management
commands. Please refer to the respective release notes for patch
installation on Red Hat and Ubuntu platforms.

Note: Installing a zimbra-patch package only updates the Zimbra core
packages.


Take care and thanks,
Your Zimbra Team


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


