Re: CVE's concerning mod_php on 8.7.0



Tony,
   That measure has been taken on our end. But for some security-minded folks in our organization, they would really like to see this addressed by the vendor.

Regards,
Pablo Garaitonandia
Penn State University
ITS, Administrative Information Services
pablo@psu.edu


From: "Tony Publiski" <tonster@tonster.com>
To: "Pablo E Garaitonandia" <peg11@psu.edu>
Cc: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Tuesday, September 6, 2016 2:19:46 PM
Subject: Re: CVE's concerning mod_php on 8.7.0

Unless you're doing something silly, like exposing the httpd ports (7780 and 7047, for convertd and aspell) publicly, this should affect about 0% of Zimbra installs. :) The only thing mod_php is used for is the spell check feature in ZWC.

Tony


From: "Pablo E Garaitonandia" <peg11@psu.edu>
To: "zimbra-hied-admins" <zimbra-hied-admins@sfu.ca>
Sent: Tuesday, September 6, 2016 1:37:13 PM
Subject: CVE's concerning mod_php on 8.7.0

Folks,
    8.7.0 has some critical CVE's in regards to the php module installed. I have included all the info we found on a scan in this bug. Please vote if interested. 

https://bugzilla.zimbra.com/show_bug.cgi?id=106580

Regards,
Pablo Garaitonandia
Penn State University
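
Added example, not part of the thread and not Zimbra's own code: one way to check the condition discussed above, by flagging listeners on the httpd ports named in the thread (7780 and 7047) that are bound to anything other than loopback. It assumes Linux `ss -ltn` style output; the sample lines are constructed, and a non-loopback bind is only a proxy for public exposure, since a firewall may still block it.

```python
import ipaddress

# Ports named in the thread: httpd listeners for convertd and aspell.
ZIMBRA_HTTPD_PORTS = {7780, 7047}

# Constructed sample of `ss -ltnH` output (not taken from a real host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:7780 0.0.0.0:*
LISTEN 0 128 0.0.0.0:7047 0.0.0.0:*
LISTEN 0 128 [::1]:7780 [::]:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 [::]:7780 [::]:*
"""


def split_local(addr):
    """Split 'host:port' (IPv4, '[v6]:port' or '*:port') into (host, port)."""
    host, _, port = addr.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any %iface scope
    return host, int(port) if port.isdigit() else None


def is_loopback(host):
    """True only for addresses inside 127.0.0.0/8 or ::1."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or an unparsable form: treat as not loopback


def exposed_listeners(ss_output, ports=ZIMBRA_HTTPD_PORTS):
    """Return (host, port) for watched ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Columns: State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header line and blank lines
        host, port = split_local(fields[3])
        if port in ports and not is_loopback(host):
            findings.append((host, port))
    return findings


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {port} is bound to {host}; confirm a firewall blocks it")
```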