Zimbra Patches: 9.0.0 Patch 5 + 8.8.15 Patch 12

Zimbra patch-5, patch-12

Zimbra 9.0.0 “Kepler” Patch 5 and 8.8.15 “James Prescott Joule” Patch 12 are here.

For Zimbra 8.8.8 and above, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands. Please refer to the respective release notes for patch installation on Red Hat and Ubuntu platforms.

Note: Installing a zimbra-patch package only updates the Zimbra core packages.

Zimbra 9.0.0 “Kepler” Patch 5

Patch 5 is here for the Zimbra 9.0.0 “Kepler” GA release, and it includes Security Fixes, What’s New, Fixed Issues and Known Issues as listed in the release notes.

Security Fixes

Summary CVE-ID CVSS Score Zimbra Rating Fix Patch Version
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) CVE-2019-1010091 6.1 Medium 9.0.0 P5
Updated third-party mem component due to vulnerability WS-2018-0236 6.1 Medium 9.0.0 P5

Patch Installation

Please refer to the release notes for Zimbra 9.0.0 Patch 5 installation on Red Hat and Ubuntu platforms.

Zimbra 8.8.15 “James Prescott Joule” Patch 12

Patch 12 is here for the Zimbra 8.8.15 “James Prescott Joule” GA release, and it includes Security Fixes, What’s New, Fixed Issues and Known Issues as listed in the release notes.

Patch Installation

Please refer to the release notes for Zimbra 8.8.15 Patch 12 installation on Red Hat and Ubuntu platforms.