Hi
Im on Zimbra 8.8.10, on Centos7.
I thought this was the last free version. IDK.
No further updates of zimbra are available via 'yum update'
(Package zimbra-common-core-jar-8.8.10.1554634214-1.r7.x86_64 already installed and latest version)
I received a note from the abuse service at Hetzner where I run my mailserver, which says:
------------8<-----------
Researchers from DIVD (https://divd.nl) have identified a **potentially vulnerable** Zimbra Collaboration (ZCS) instance within your network. We have not performed any active testing to confirm whether the instance is vulnerable; instead, our assessment is based on the fact that your HTTP instance reports an outdated version of Zimbra, which may be susceptible to a known vulnerability in the postjournal service. This vulnerability is identified as CVE-2024-45519 and could potentially allow unauthenticated users to execute commands remotely.
>
> Zimbra has released multiple patches to address this vulnerability. You can find the advisory and the patches at the Zimbra Security Center: https://wiki.zimbra.com/wiki/Security_Center
------------8<-----------
Can anyone suggest/advise a relatively painless way forward?
thanks,
Im on Zimbra 8.8.10, on Centos7.
I thought this was the last free version. IDK.
No further updates of zimbra are available via 'yum update'
(Package zimbra-common-core-jar-8.8.10.1554634214-1.r7.x86_64 already installed and latest version)
I received a note from the abuse service at Hetzner where I run my mailserver, which says:
------------8<-----------
Researchers from DIVD (https://divd.nl) have identified a **potentially vulnerable** Zimbra Collaboration (ZCS) instance within your network. We have not performed any active testing to confirm whether the instance is vulnerable; instead, our assessment is based on the fact that your HTTP instance reports an outdated version of Zimbra, which may be susceptible to a known vulnerability in the postjournal service. This vulnerability is identified as CVE-2024-45519 and could potentially allow unauthenticated users to execute commands remotely.
>
> Zimbra has released multiple patches to address this vulnerability. You can find the advisory and the patches at the Zimbra Security Center: https://wiki.zimbra.com/wiki/Security_Center
------------8<-----------
Can anyone suggest/advise a relatively painless way forward?
thanks,
Statistics: Posted by sanddweller — Fri Oct 11, 2024 1:02 pm