MDaemon Patch Bulletin – MD111221

Fix to Server and Webmail Vulnerabilities

Published November 11, 2021

Summary

Vulnerabilities were identified in MDaemon during routine testing or in connection with bug reports: a denial of service (high CPU usage) condition related to DKIM verification, and cross-site scripting (XSS) in Webmail (WorldClient).

To address these issues, the development team at MDaemon Technologies has released patches for affected versions of MDaemon.

For specific information, see the Affected Software section below.

Recommendation: For MDaemon installations, MDaemon Technologies recommends that administrators apply the patch by downloading the appropriate version and language file listed below.

Known Issues: There are no known issues that customers may experience when installing this patch.

Affected Software

The following versions of MDaemon have been tested and determined to be affected. Please download the file that matches the version AND language of your current installation.

For versions 16.0.0 - 17.5.5, download the correct ZIP file and extract it to \MDaemon\App.

For versions 18.0.0 - 21.0.3, download the correct installer and run it.

MDaemon 21.0.X (32 bit)

21.0.4 - Select Your Language

MDaemon 21.0.X (64 bit)

21.0.4 64 bit - Select Your Language

MDaemon 20.0.X (32 bit)

20.0.5 - Select Your Language

MDaemon 20.0.X (64 bit)

20.0.5 64 bit - Select Your Language

MDaemon 19.5.X (32 bit)

19.5.8 - Select Your Language

MDaemon 19.5.X (64 bit)

19.5.8 64 bit - Select Your Language

MDaemon 19.0.X (32 bit)

19.0.7 - Select Your Language

MDaemon 19.0.X (64 bit)

19.0.7 64 bit - Select Your Language

MDaemon 18.5.X (32 bit)

18.5.7 - Select Your Language

MDaemon 18.5.X (64 bit)

18.5.7 64 bit - Select Your Language

MDaemon 18.0.X (32 bit)

18.0.5 - Select Your Language

MDaemon 18.0.X (64 bit)

18.0.5 64 bit - Select Your Language

MDaemon 16.x and 17.x (32 bit, all languages)

MDaemon 16.x and 17.x (32 bit)

MDaemon 16.x and 17.x (64 bit, all languages)

MDaemon 16.x and 17.x (64 bit)

Frequently Asked Questions (FAQ) Related to This Update

What is the impact?

These attacks may impact all users of MDaemon and MDaemon Webmail (WorldClient).

What versions of MDaemon are affected?

Supported versions of MDaemon Email Server: versions 16.0.0 through 21.0.3. Users of earlier, unsupported versions of MDaemon are also encouraged to upgrade to the latest version to ensure they have the latest patches and security updates.

Additional questions can be answered by using the website chat feature in the top right header or by contacting MDaemon Technologies Support.