ZCS 8.0.7 has been rebuilt to include fix for OpenSSL Heartbleed Vulnerability

Official Zimbra news, events, releases, and updates.
2610thom
Posts: 16
Joined: Fri Sep 12, 2014 11:27 pm

ZCS 8.0.7 has been rebuilt to include fix for OpenSSL Heartbleed Vulnerability

Postby 2610thom » Fri Apr 11, 2014 3:21 pm

Zimbra Collaboration Suite 8.0.7 - both the Network Edition and Open-Source Edition - have been rebuilt to include the fix for the OpenSSL Heartbleed Vulnerability.
If you haven't yet upgraded to 8.0.7, the current versions up on the Download site now disable TLS Heartbeat and protect against the OpenSSL Heartbleed Vulnerability:



  • Network Edition: Zimbra - Products: Network Edition Server Trial License Key

  • Open-Source Edition: Zimbra - Products: Zimbra Collaboration Server - Open Source Edition



In short:




There are a few ways you can confirm:
1. Check your version tarball for the build number 6021. For example:
[URL=http://files2.zimbra.com/downloads/8.0.7_GA/zcs-NETWORK-8.0.7_GA_6021.RHEL6_64.20140408123937.tgz"]
6021.RHEL6_64.20140408123937.tgz[/URL">
2
. Check zmcontrol for the build number:
# su - zimbra
$ zmcontrol -v
Release 8.0.7_GA_6021.RHEL6_64_20140408123937 RHEL6_64 NETWORK edition.
3. Check the libssl shared library
Vulnerable:
$ strings /opt/zimbra/openssl/lib/libssl.so | grep dtls1_heartbeat
dtls1_heartbeat
$
Not Vulnerable:
$ strings /opt/zimbra/openssl/lib/libssl.so | grep dtls1_heartbeat
$
Please let us know if you have any questions.



Return to “Announcements”

Who is online

Users browsing this forum: No registered users and 3 guests