Zimbra Collaboration Server 8 is susceptible to the OpenSSL Heartbleed bug. Specifically, nginx, postfix and OpenLDAP all link directly to the OpenSSL shipped in ZCS8. Other components in the ZCS package also link to the OpenSSL libraries, but the above three are the potentially Internet-facing services that would be attackable.

All versions of ZCS8 as released today are vulnerable. ZCS7 is not vulnerable because it uses OpenSSL 1.0.0, which is not vulnerable. Only OpenSSL 1.0.1 and later are reported as being vulnerable.

Zimbra has produced an OpenSSL patch for versions 8.0.3 to 8.0.7. If you are running a version prior to 8.0.3, your server is susceptible to other critical security vulnerabilities [reference: https://www.zimbra.com/forums/announ...-84547-a.html], so please upgrade to a secure version first, then run this patch.

The patch is located here: http://files.zimbra.com/downloads/se...ssl-updater.sh

The patch downloads the correct ...
Where there is a shell, there's a way.
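
The version rules in the post above, written as a triage helper. This is an added example, not part of the original post or of Zimbra's updater script. The function name, the result labels and the sample release strings are constructed for illustration, and any release the post does not mention is reported as unknown rather than guessed.

```shell
#!/bin/sh
# Added example: classify a ZCS release string using only the rules stated
# in the post. zcs_heartbleed_triage and its result labels are hypothetical.

zcs_heartbleed_triage() {
    # Extract the first major.minor.patch triple, tolerating a leading
    # label such as "Release " and trailing build information.
    ver=$(printf '%s\n' "$1" | sed -n \
        's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    if [ -z "$ver" ]; then
        echo "unparseable"
        return 0
    fi
    # Split the triple into positional parameters (intentionally unquoted).
    set -- $ver
    major=$1 minor=$2 patch=$3

    case "$major.$minor" in
        7.*)
            # Post: ZCS7 uses OpenSSL 1.0.0, which is not vulnerable.
            echo "not-vulnerable" ;;
        8.0)
            if [ "$patch" -le 2 ]; then
                # Post: releases before 8.0.3 must be upgraded first.
                echo "upgrade-first"
            elif [ "$patch" -le 7 ]; then
                # Post: the OpenSSL patch covers 8.0.3 to 8.0.7.
                echo "apply-patch"
            else
                echo "unknown"
            fi ;;
        *)
            # Not covered by the post; do not assume either way.
            echo "unknown" ;;
    esac
}

# Constructed sample inputs, one per outcome.
for sample in "Release 8.0.7.GA.0000.EXAMPLE" "8.0.2" "7.2.6" "8.5.0" "n/a"; do
    printf '%-32s %s\n' "$sample" "$(zcs_heartbleed_triage "$sample")"
done
```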