[Users] Last security patch

L Mark Stone lmstone at lmstone.com
Tue Mar 19 14:26:38 CET 2019


Thanks David; it wasn't clear to me that the author was saying in the last section that all these exposures had been fixed.

His opening second paragraph states explicitly that "...at least one potential RCE exists in all versions of Zimbra." and then his three bullet list includes 8.8.11, so I drew the opposite conclusion.

All the best,
Mark

_________________________________________________

Another Message From...   L. Mark Stone


________________________________
From: David Touitou <david at network-studio.com>
Sent: Tuesday, March 19, 2019 9:08 AM
To: L Mark Stone
Cc: Info Zeta Alliance; users
Subject: Re: [Users] Last security patch

Hi,

> The tint0 article is a little too far above my understanding of programming, but
> if the article's IMAP exploit is addressed via current patches on 8.7.11 and
> 8.8.10/11, then all we need to worry about is the memcache issue.

The blog post was done once the vulnerabilities were patched; that's in the post conclusion.
So we should not worry about the memcached issue if running the very last version of Zimbra (as IMAP cannot reclaim the needed data from memcached anymore).

As Barry said, automatic upgrade would be great. On a stable and working version.
But current Q&A doesn't allow that.

David