Patch 34 for ZIMBRA...
 
Notifications
Clear all

Patch 34 for ZIMBRA 9 has been released regarding global security

41 Posts
9 Users
7 Reactions
3,011 Views
(@anahuac)
Joined: 1 year ago
Posts: 310
 

I didn't got that issue in any of my servers running Z9 Zextras, but it is kinda concerning "Failed to initialize VolumeManager"?

I know this is a silly suggestion and you probably have already done it but here it goes: did you try to reboot the whole server?

 


   
ReplyQuote
(@john_doe)
Joined: 3 years ago
Posts: 61
 

@anahuac I additionally installed the pre-build package mentioned earlier.

In general I have restarted the server multiple times and IMAP is also working - only the error message is there and zmimapdctl says that imap is not running.

A bit confusing...


   
ReplyQuote
(@john_doe)
Joined: 3 years ago
Posts: 61
 

Okay someone from Zimbra forum mentioned that imapd service is deprecated for a long time. It seems that somehow my updates didn't uninstall it so I have done that manually now.


   
anahuac reacted
ReplyQuote
(@jansko)
Joined: 2 years ago
Posts: 10
 

Posted by: @john_doe

@jansko: I have tried your build as well but it also fails due to missing Onlyoffice.

How did you fixed that on your side?

The problem is that the build contains the OnlyOffice package, which is only for Zimbra 10.

The solution is to remove the dependency on OnlyOffice:

Comment out the following block in the jetty configuration files - /opt/zimbra/jetty/etc/jetty.xml & jetty.xml.in

 

    <Call id="docServerHttpsConnector" name="addConnector">
        <Arg>
            <New id="docServer" class="org.eclipse.jetty.server.ServerConnector">
                <Arg name="server">
                    <Ref refid="Server" />
                </Arg>
                <Arg name="factories">
                    <Array type="org.eclipse.jetty.server.ConnectionFactory">
                        <Item>
                            <New class="org.eclipse.jetty.server.SslConnectionFactory">
                                <Arg name="next">http/1.1</Arg>
                                <Arg name="sslContextFactory">
                                    <Ref refid="zimbraSslContextFactory" />
                                </Arg>
                            </New>
                        </Item>
                        <Item>
                            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                                <Arg name="config">
                                    <Ref refid="sslHttpConfig" />
                                </Arg>
                            </New>
                        </Item>
                    </Array>
                </Arg>
                <Set name="host"></Set>
                <Set name="port"></Set>
                <Set name="idleTimeout">60000</Set>
            </New>
        </Arg>
    </Call>

 

 

Restart Zimbra services (zmcontrol restart) - the services should start.

 


   
ReplyQuote
(@dartal)
Joined: 12 months ago
Posts: 6
 

Hello,

When new build with patch 34 for centos 7 🙁 or how can I patch it. official zimbra repos for 9.0 doesn't works, after yum update, zimbra can't start.


   
ReplyQuote
(@kordian)
Joined: 10 years ago
Posts: 8
 

Posted by: @mik

@anahuac 

I can confirm that

apt update
apt upgrade
/opt/zimbra/libexec/zmfixperms
zmcontrol restart

worked for me!

Is there any way to verify that patch34 is installed and the vulnerability for CVE-2023-38750/CVE-2023-0464 is fixed?
Because the build number will not change.

Let me confirm: you have Zimbra 9 by Zextras (what patch) installed, then you do apt update, apt upgrade, fixperm and restart and you get patch 34?
Officially Zextras version of the Zimbra is not upgradeble with apt upgrade, so how have you achieved that?
Thanks in advance for an answer.

 


   
ReplyQuote
(@anahuac)
Joined: 1 year ago
Posts: 310
 

@kordian Yep P34, but not yet P35.

I did nothing, it just worked out of the box.

 


   
ReplyQuote
 mik
(@mik)
Joined: 4 years ago
Posts: 39
 

@kordian Just like in the quote. Ubuntu still has the official zimbra apt repositories unless you removed them.


   
ReplyQuote
(@kordian)
Joined: 10 years ago
Posts: 8
 

@mik I know that. Only that the Zextras version of Zimbra 9 does not support it.
I tried and asked at Zextras.
You can read at multiple forums (also here, see page 1 of this thread, for example) that Zimbra 9 by Zextras does not support repo upgrade and you have to wait untill Zextras programmers will issue new version (was planned for end July, still not here).
When you download "zextras-latest" version, it is also still the December 2022 one.

This post was modified 11 months ago by Kordian

   
ReplyQuote
 mik
(@mik)
Joined: 4 years ago
Posts: 39
 

@kordian yet it still works in this particular case. Not saying it always works, in fact repo update broke my zimbra once in the past (glad I did a snapshot before). It sure is not the recommended way.


   
ReplyQuote
(@dvg_lab)
Joined: 2 years ago
Posts: 3
 

So, time is coming. Summer is gone, but Zimbra P34/P35 didn't take place. I try to ask one more time.. when we can get a fresh bugfix release of Zimbra from Zextras? It was promised in July, August, and now September here. Looks like Zimbra users are not in priority.. that's a pity.


   
jumpbee reacted
ReplyQuote
Page 3 / 3