Hello,
The latest Patch 27 is out, but on Zextras' site it shows Latest Version: 9.0.0p25.
What should we do about the vulnerability?
https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce
Our customers want Patch 27 to be passed. What should we answer in this situation?
Is there a more recent version?
[zimbra@mail ~]$ zmcontrol -v Release 9.0.0_ZEXTRAS_20220713.RHEL8_64_20220705100452 RHEL8_64 FOSS edition.
Thanks.
The latest Patch 27 is out, but on Zextras' site it shows Latest Version: 9.0.0p25.
What should we do about the vulnerability?
https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce
Our customers want Patch 27 to be passed. What should we answer in this situation?
Hi,
Thank you for writing us your concerns.
We have forwarded this to our dev team. Please stay with us and we will keep you posted as soon as we get any update.
Thank you for your patience and understanding.
Thanks and regards,
Sharif
Hello,
The latest Patch 27 is out, but on Zextras' site it shows Latest Version: 9.0.0p25.
What should we do about the vulnerability?
https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce
Our customers want Patch 27 to be passed. What should we answer in this situation?
Is there a more recent version?
[zimbra@mail ~]$ zmcontrol -v Release 9.0.0_ZEXTRAS_20220713.RHEL8_64_20220705100452 RHEL8_64 FOSS edition.Thanks.
Hello, if I'm not mistaken, this is addressed by Zimbras itself on its site.
You need only to install PAX pkg onto the server.
Nevertheless, Zextras should release the patches, but if I'm not mistaken with the release of Cabonio CE, they will gradually, or not, shut down this fork
Just my thought.
JG