Notifications
Clear all

CVE-2022-41352


Aynur Yilmaz
(@aynur-yilmaz)
Joined: 10 months ago
Posts: 8
Topic starter  

Hello,

The latest Patch 27 is out, but on Zextras' site it shows Latest Version: 9.0.0p25.

What should we do about the vulnerability?

https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce

Our customers want Patch 27 to be passed. What should we answer in this situation?

Is there a more recent version?

[zimbra@mail ~]$ zmcontrol -v
Release 9.0.0_ZEXTRAS_20220713.RHEL8_64_20220705100452 RHEL8_64 FOSS edition.

Thanks.


Quote
Md. Shariful Islam
(@shariful-islam)
Admin
Joined: 6 months ago
Posts: 129
 
Posted by: @aynur-yilmaz

The latest Patch 27 is out, but on Zextras' site it shows Latest Version: 9.0.0p25.

What should we do about the vulnerability?

https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce

Our customers want Patch 27 to be passed. What should we answer in this situation?

@aynur-yilmaz

Hi,

Thank you for writing us your concerns.

We have forwarded this to our dev team. Please stay with us and we will keep you posted as soon as we get any update.

Thank you for your patience and understanding.

Thanks and regards,

Sharif


ReplyQuote
jasgg_it
(@jasgg_it)
Joined: 10 months ago
Posts: 20
 
Posted by: @aynur-yilmaz

Hello,

The latest Patch 27 is out, but on Zextras' site it shows Latest Version: 9.0.0p25.

What should we do about the vulnerability?

https://github.com/Cr4ckC4t/cve-2022-41352-zimbra-rce

Our customers want Patch 27 to be passed. What should we answer in this situation?

Is there a more recent version?

[zimbra@mail ~]$ zmcontrol -v
Release 9.0.0_ZEXTRAS_20220713.RHEL8_64_20220705100452 RHEL8_64 FOSS edition.

Thanks.

Hello, if I'm not mistaken, this is addressed by Zimbras itself on its site.

 

You need only to install PAX pkg onto the server.

Nevertheless, Zextras should release the patches, but if I'm not mistaken with the release of Cabonio CE, they will gradually, or not, shut down this fork

Just my thought.

JG


ReplyQuote