I presume the following are an issue for Zimbra, since OpenSSL is built in. Patches have been released for OSs but I don't see anything for Zimbra
What should be done about :
I'm running 8.0.7 with OpenSSL 1.0.1h 5 Jun 2014
I presume the following are an issue for Zimbra, since OpenSSL is built in. Patches have been released for OSs but I don't see anything for Zimbra
What should be done about :
I'm running 8.0.7 with OpenSSL 1.0.1h 5 Jun 2014
In case anyone cares there's a bug open for this.
However it's progress seems rather slow even though it's been marked "critical" by Zimbra and "Severity: High" by OpenSSL
Ho hum
That's good to know, although early November does seem like quite a long time compared to how long it took the various flavours of Linux that Zimbra sits on to release updated versions of OpenSSL.
Is there a specific reason Zimbra can't use OpenSSL that's found in the repositories ?
Don't understand why this is marked as a "Answer Suggested", in any case after patches/fixes ready to deploy.
ccelis
Hi ccelis5215,
This issue will fix in the next 8.5.1 and 8.0.9, you can follow the bug here - https://bugzilla.zimbra.com/show_bug.cgi?id=96008
I don't know the exact release date, but I know that it will be soon.
Best regards.
Thanks for the update, much appreciated.
However I'm still a little concerned that OpenSSL consider this to be "Severity: High".
Can anyone here explain how serious a vulnerability this is for Zimbra ?
Users browsing this forum: Google [Bot] and 10 guests