Updated zarafa packages fix security vulnerabilities: Robert Scheck reported that Zarafa’s WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user’s username and password to the Zarafa IMAP server (CVE-2014-0103). Robert Scheck discovered that the Zarafa Collaboration Platform has multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448, CVE-2014-5449, CVE-2014-5450).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | zarafa | <Â 7.1.11-1 | zarafa-7.1.11-1.mga3 |
Mageia | 4 | noarch | zarafa | <Â 7.1.11-1 | zarafa-7.1.11-1.mga4 |