Notifications
Clear all

CVE-2022-41352

3 Posts
3 Users
0 Reactions
964 Views
(@aynur-yilmaz)
Joined: 3 years ago
Posts: 12
Topic starter  

Hello,

The latest Patch 27 is out, but on Zextras' site it shows Latest Version: 9.0.0p25.

What should we do about the vulnerability?

https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce

Our customers want Patch 27 to be passed. What should we answer in this situation?

Is there a more recent version?

[zimbra@mail ~]$ zmcontrol -v
Release 9.0.0_ZEXTRAS_20220713.RHEL8_64_20220705100452 RHEL8_64 FOSS edition.

Thanks.


   
Quote
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
 
Posted by: @aynur-yilmaz

The latest Patch 27 is out, but on Zextras' site it shows Latest Version: 9.0.0p25.

What should we do about the vulnerability?

https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce

Our customers want Patch 27 to be passed. What should we answer in this situation?

@aynur-yilmaz

Hi,

Thank you for writing us your concerns.

We have forwarded this to our dev team. Please stay with us and we will keep you posted as soon as we get any update.

Thank you for your patience and understanding.

Thanks and regards,

Sharif


   
ReplyQuote
(@jasgg_it)
Joined: 3 years ago
Posts: 22
 
Posted by: @aynur-yilmaz

Hello,

The latest Patch 27 is out, but on Zextras' site it shows Latest Version: 9.0.0p25.

What should we do about the vulnerability?

https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce

Our customers want Patch 27 to be passed. What should we answer in this situation?

Is there a more recent version?

[zimbra@mail ~]$ zmcontrol -v
Release 9.0.0_ZEXTRAS_20220713.RHEL8_64_20220705100452 RHEL8_64 FOSS edition.

Thanks.

Hello, if I'm not mistaken, this is addressed by Zimbras itself on its site.

 

You need only to install PAX pkg onto the server.

Nevertheless, Zextras should release the patches, but if I'm not mistaken with the release of Cabonio CE, they will gradually, or not, shut down this fork

Just my thought.

JG


   
ReplyQuote