[Users] Security Patch for for Zimbra Collaboration Suite 8.8.15 in /opt/zimbra/jetty/webapps/zimbra/m/momoveto
Marco Di Antonio
diantonio at italiaonsite.com
Thu Jul 13 10:48:39 CEST 2023
Hi
what exactly does that mean? What CVE is it?
--
Marco Di Antonio
Da: "Andreas Wolske" <andreas.wolske at managedhosting.de>
A: "users" <users at lists.zetalliance.org>
Inviato: Giovedì, 13 luglio 2023 8:03:00
Oggetto: [Users] Security Patch for for Zimbra Collaboration Suite 8.8.15 in /opt/zimbra/jetty/webapps/zimbra/m/momoveto
Hello all,
Synacor recommended via E-Mail to fix a security vulnerability by
manually changing line 40 of /opt/zimbra/jetty/webapps/zimbra/m/momoveto
This would be cumbersome to roll out via Ansible or SSH. So I just
wanted to share the script I used:
# as root
sudo su -
# make backup of /opt/zimbra/jetty/webapps/zimbra/m/momoveto
cp /opt/zimbra/jetty/webapps/zimbra/m/momoveto /tmp/momoveto.backup
# check "param.st"
grep param.st /opt/zimbra/jetty/webapps/zimbra/m/momoveto
# apply fix
sed -i 's/param.st/fn:escapeXml(param.st)/'
/opt/zimbra/jetty/webapps/zimbra/m/momoveto
# check "param.st"
grep param.st /opt/zimbra/jetty/webapps/zimbra/m/momoveto
# remove backup
rm -f /tmp/momoveto.backup
HTH
Best regards
Andreas Wolske
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zetalliance.org/pipermail/users_lists.zetalliance.org/attachments/20230713/0ecbd4c8/attachment.html>
More information about the Users
mailing list