=====================================================================

                                CERT-Renater

                     Note d'Information No. 2023/VULN257

_____________________________________________________________________

DATE                : 23/08/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Zimbra Collaboration Suite
                            versions prior to 9.0.0 Kepler Patch 35,
                             8.8.15 Joule Patch 42, Daffodil 10.0.3.

=====================================================================
https://blog.zimbra.com/2023/08/zimbra-security-update/
_____________________________________________________________________


Zimbra Security Update CVE-2023-41106
By Barry de Graaff on August 22, 2023 in Product News, Security &
Privacy

A one-click security vulnerability in all versions of Zimbra
Collaboration Suite has been discovered that could allow an
unauthenticated attacker to gain access to a Zimbra account.

To fix this vulnerability install the latest Zimbra patch (by
using apt or yum), the vulnerability is fixed in:

     Daffodil 10.0.3
     9.0.0 Kepler Patch 35
     8.8.15 Joule Patch 42

In case you are unable to install the latest patch, you can
obtain manual mitigation steps via Zimbra Support.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================