What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-8479
2015-05-19 11:37:55
--------------------------------------------------------------------------------

Name        : zarafa
Product     : Fedora 20
Version     : 7.1.12
Release     : 2.fc20
URL         : https://www.zarafa.com/
Summary     : Open Source Edition of the Zarafa Collaboration Platform
Description :
The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The
Open Source Collaboration provides an integration with your existing Linux
mail server, native mobile phone support by ActiveSync compatibility and a
webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an
IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open
Source Collaboration can combine the usability with the stability and the
flexibility of a Linux server.

The proven Zarafa groupware solution is using MAPI objects, provides a MAPI
client library as well as programming interfaces for C++, PHP and Python.
The other Zarafa related packages need to be installed to gain all features
and benefits of the Zarafa Collaboration Platform (ZCP).

--------------------------------------------------------------------------------
Update Information:

- Upgrade to 7.1.12 (re-released)
- Backported patch from Zarafa 7.2 to fix CVE-2015-3436
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2015 Robert Scheck  7.1.12-2
- Upgrade to 7.1.12 (re-released)
- Backported patch from Zarafa 7.2 to fix CVE-2015-3436 (#1222151)
* Tue Apr  7 2015 Robert Scheck  7.1.12-1
- Upgrade to 7.1.12
- Added multiple minor enhancement and bugfix patches
- Added patch to fix CVE-2014-0103 for PHP < 5.3 (#1073618)
- Handle "su" option in logrotate >= 3.8.0 to avoid errors* Sat Oct 25 2014 Kevin Kofler  7.1.11-2
- Rebuild for reference-counting-enabled clucene09
* Wed Oct 15 2014 Robert Scheck  7.1.11-1
- Upgrade to 7.1.11 (#1139442)
- Removed bundled PHP PEAR files/libraries
- Added patch to allow mitigation of SSLv3/POODLE vulnerability
- Added patch to implement ECDHE support (depending on OpenSSL)
- Added patch to allow plaintext authentication from 127.0.0.1
* Tue Aug 26 2014 David Tardon  - 7.1.10-5
- rebuild for ICU 53.1
* Mon Aug 25 2014 Robert Scheck  7.1.10-4
- Fixed multiple incorrect default permissions (#1133439)
* Mon Aug 18 2014 Fedora Release Engineering  - 7.1.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Jul 14 2014 Robert Scheck  7.1.10-3
- Rebuild for gSOAP 2.8.17
* Fri Jul 11 2014 Robert Scheck  7.1.10-2
- Added a workaround to really support MariaDB (#995870)
- Re-added a patch to allow building without zarafa-search
* Sun Jun 29 2014 Robert Scheck  7.1.10-1
- Upgrade to 7.1.10
* Fri Jun 20 2014 Remi Collet  - 7.1.9-2.1
- rebuild for https://fedoraproject.org/wiki/Changes/Php56
- add numerical prefix to extension configuration file
* Sat Jun  7 2014 Fedora Release Engineering  - 7.1.9-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 22 2014 Petr Machata  - 7.1.9-2
- Rebuild for boost 1.55.0
* Thu May  1 2014 Robert Scheck  7.1.9-1
- Upgrade to 7.1.9
* Fri Feb 21 2014 Robert Scheck  7.1.8-3
- Upgrade to 7.1.8 (re-released)
* Fri Feb 14 2014 Parag Nemade  - 7.1.8-2
- Rebuild for icu 52
* Thu Jan 30 2014 Robert Scheck  7.1.8-1
- Upgrade to 7.1.8 (#1056767, #1059903)
* Sun Dec  8 2013 Robert Scheck  7.1.7-1
- Upgrade to 7.1.7 (#1008068)
- Added dependency from gateway and spooler to python-MAPI
- Added requirements to virtual libvmime ABI/API provides
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1222151 - CVE-2015-3436 zarafa: Overwrite arbitrary files in filesystem
        https://bugzilla.redhat.com/show_bug.cgi?id=1222151
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update zarafa' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Fedora 20: zarafa Security Update

June 5, 2015
- Upgrade to 7.1.12 (re-released) - Backported patch from Zarafa 7.2 to fix CVE-2015-3436

Summary

The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The

Open Source Collaboration provides an integration with your existing Linux

mail server, native mobile phone support by ActiveSync compatibility and a

webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an

IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open

Source Collaboration can combine the usability with the stability and the

flexibility of a Linux server.

The proven Zarafa groupware solution is using MAPI objects, provides a MAPI

client library as well as programming interfaces for C++, PHP and Python.

The other Zarafa related packages need to be installed to gain all features

and benefits of the Zarafa Collaboration Platform (ZCP).

Update Information:

- Upgrade to 7.1.12 (re-released) - Backported patch from Zarafa 7.2 to fix CVE-2015-3436

Change Log

* Mon May 18 2015 Robert Scheck 7.1.12-2 - Upgrade to 7.1.12 (re-released) - Backported patch from Zarafa 7.2 to fix CVE-2015-3436 (#1222151) * Tue Apr 7 2015 Robert Scheck 7.1.12-1 - Upgrade to 7.1.12 - Added multiple minor enhancement and bugfix patches - Added patch to fix CVE-2014-0103 for PHP < 5.3 (#1073618) - Handle "su" option in logrotate >= 3.8.0 to avoid errors* Sat Oct 25 2014 Kevin Kofler 7.1.11-2 - Rebuild for reference-counting-enabled clucene09 * Wed Oct 15 2014 Robert Scheck 7.1.11-1 - Upgrade to 7.1.11 (#1139442) - Removed bundled PHP PEAR files/libraries - Added patch to allow mitigation of SSLv3/POODLE vulnerability - Added patch to implement ECDHE support (depending on OpenSSL) - Added patch to allow plaintext authentication from 127.0.0.1 * Tue Aug 26 2014 David Tardon - 7.1.10-5 - rebuild for ICU 53.1 * Mon Aug 25 2014 Robert Scheck 7.1.10-4 - Fixed multiple incorrect default permissions (#1133439) * Mon Aug 18 2014 Fedora Release Engineering - 7.1.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Mon Jul 14 2014 Robert Scheck 7.1.10-3 - Rebuild for gSOAP 2.8.17 * Fri Jul 11 2014 Robert Scheck 7.1.10-2 - Added a workaround to really support MariaDB (#995870) - Re-added a patch to allow building without zarafa-search * Sun Jun 29 2014 Robert Scheck 7.1.10-1 - Upgrade to 7.1.10 * Fri Jun 20 2014 Remi Collet - 7.1.9-2.1 - rebuild for https://fedoraproject.org/wiki/Changes/Php56 - add numerical prefix to extension configuration file * Sat Jun 7 2014 Fedora Release Engineering - 7.1.9-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 22 2014 Petr Machata - 7.1.9-2 - Rebuild for boost 1.55.0 * Thu May 1 2014 Robert Scheck 7.1.9-1 - Upgrade to 7.1.9 * Fri Feb 21 2014 Robert Scheck 7.1.8-3 - Upgrade to 7.1.8 (re-released) * Fri Feb 14 2014 Parag Nemade - 7.1.8-2 - Rebuild for icu 52 * Thu Jan 30 2014 Robert Scheck 7.1.8-1 - Upgrade to 7.1.8 (#1056767, #1059903) * Sun Dec 8 2013 Robert Scheck 7.1.7-1 - Upgrade to 7.1.7 (#1008068) - Added dependency from gateway and spooler to python-MAPI - Added requirements to virtual libvmime ABI/API provides

References

[ 1 ] Bug #1222151 - CVE-2015-3436 zarafa: Overwrite arbitrary files in filesystem https://bugzilla.redhat.com/show_bug.cgi?id=1222151

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update zarafa' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : zarafa
Product : Fedora 20
Version : 7.1.12
Release : 2.fc20
URL : https://www.zarafa.com/
Summary : Open Source Edition of the Zarafa Collaboration Platform

Related News

CISA Orders Federal Agencies to Patch Looney Tunables Linux Bug

Nov 25, 2023

Expanded Platform Support For AMD Dynamic Boost Control Being Worked On For Linux

Sep 9, 2023

Linux Malware! Read This If You Use Free Download Manager

Sep 13, 2023

If You Use Linux - Watch Out for This Stealthy New Malware

May 15, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo