7-1-09 security patch

[bonadio]

Hello

I received yesterday an email suposed comming from Zimbra saying that all version have a critical bug and asking to upgrade some software, the email looks like very real but the link to the download file is outside of zimbra and looks like very suspicious.

I am attaching the message that I received as a pdf

Following the header

Received: from mx01.vm10.com.br (10.14.78.189) by w01.viewit.local
(10.14.78.130) with Microsoft SMTP Server id 8.1.375.2; Wed, 1 Jul 2009
21:28:44 -0300
Received: from email1.atl.loopfuse.net (email1.atl.loopfuse.net [64.94.11.25])
by mx01-int.vm10.com.br (Postfix) with ESMTP id CF77CD9B9C for
<cesar.bonadio@viewit.com.br>; Wed, 1 Jul 2009 21:47:53 -0300 (BRT)
Received: from proc1.atl.loopfuse.net (64.94.11.21) by email1.atl.loopfuse.net
(PowerMTA(TM) v3.5r11) id h9fvsk0pb50n for <cesar.bonadio@viewit.com.br>;
Wed, 1 Jul 2009 20:30:02 -0400 (envelope-from <bounce-notify@zimbra.com>)
From: Zimbra Support <support@zimbra.com>
Reply-To: support@zimbra.com
To: cesar.bonadio@viewit.com.br
Message-ID: <1068003273.1669941246494602460.JavaMail.jboss@pro c1.atl.loopfuse.net>
Subject: Zimbra Security Vulnerability Report
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_162736_520781612.1246494602459"
LF_CID: LF_fe2186a1
LF_VID: 4a1c8e87-b8b0-4ff2-be97-f441a0d7f083
LF_KID: 28
LF_EMAIL: cesar.bonadio@viewit.com.br
Date: Wed, 1 Jul 2009 21:47:53 -0300
Return-Path: bounce-notify@zimbra.com

[phoenix]

This is a genuine email from Zimbra and apologies for the confusing link, your post has been moderated until a formal announcement is made on the forums.

[jholder]

This is a legitimate email, and due to the severity of the issue, we have not publicity announced it. We will do so later today.

We notified NE customers via email to provide a 24 hour update window before the information is released to the public.

Therefore, I have to hide this thread until we announce.

Thanks,
john

[Hubert]

Quote:

Originally Posted by greenrenault

I received a Zimbra Security Vulnerability Report email today. Is this a hoax or for real? There is no mention of it in the forum announcements.

If real, will this precipitate a new Zimbra release? I really hate 'patching' a system.

Thanks!

I would highly recommend patching ASAP rather than waiting for the next release (I discovered the vulnerabiliy).

You just have to replace 2 JAR files and do zmmailboxdctl stop/start (not necessary to restart all services if your version has zmmailboxdctl).

[LMStone]

Quote:

Originally Posted by Hubert

I would highly recommend patching ASAP rather than waiting for the next release (I discovered the vulnerabiliy).

You just have to replace 2 JAR files and do zmmailboxdctl stop/start (not necessary to restart all services if your version has zmmailboxdctl).

Hubert,

As a Premiere Zimbra Hosting provider and erstwhile Forum Moderator I just want to say a very sincere and hearty "thank you!" publicly to you for discovering this, and for the very professional manner in which you and everyone else pursued a speedy and easy-to-implement solution.

It is very, very much appreciated!

Thanks again,
Mark

P.S. Has Zimbra offered you a job yet? (Only half joking here...)

[andrewfn]

Thanks for the speedy patch. Unfortunately there is a line missing from the instructions. You need to:

Code:

mkdir /opt/zimbra/save-07012009

or the mv will fail

[chauvetp]

When was this e-mail notice sent? I am only seeing this on the forum and I (as a NE user) cannot find any record of receiving this notice.

[uxbod]

I would check with your account manager

[su_A_ve]

Quote:

Originally Posted by andrewfn

Thanks for the speedy patch. Unfortunately there is a line missing from the instructions. You need to:

Code:

mkdir /opt/zimbra/save-07012009

or the mv will fail

Yup - beat me to it...

Even on the announcement, it's missing...