Zimbra is aware of a Linux vulnerability, specifically the GNU C Library.
The vulnerability appears to have been found by Qualys and disclosed in security advisory CVE 2015-0235. It should be noted that the vulnerability was patched in v 2.17 of the library, but at the time was not categorized as a security issue, leading many to maintain stable versions, i.e. vulnerable versions. This is an operating system vulnerability; at this time, and to the best of our knowledge, there are no known exploits against Zimbra’s software related to CVE 2015-0235.
Zimbra recommends that anyone running Linux update their systems as soon as possible. And while Linux doesn’t usually require a restart, it is recommended to ensure all underlying software services are patched.
Patches or acknowledgements
Note: the original post was updated slightly to clarify the relationship between the vulnerability and the lack of known exploits against software shipped by Zimbra.