New user?
Document Actions
Plone Hotfix 20071106
Up to Product page
This hotfix corrects a vulnerability in the statusmessages and linkintegrity
modules, where unsafe network data was interpreted as python pickles. This
allows an attacker to run arbitrary python code within the Zope/Plone
process.
For additional information about this project, please visit the
project page.
Available downloads
Release Notes
| Tested with | Plone 3.0, Plone 2.5 |
|---|---|
| State | Final release |
| License | GPL |
| Release Manager | Plone Security Response Team |
| Released | 2007/11/06 |
Plone Hotfix 2007-11-06
This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process.
Affected versions
This hotfix applies to Plone 2.5 up to and including 2.5.4, and Plone 3.0 up to and including 3.0.2.
These fixes will be included in the upcoming 2.5.5 and 3.0.3 releases, at which point this hotfix can be removed.
Earlier plone releases (versions 2.1.x and below) are not affected.
Installation
- Untar 'PloneHotfix20071106.tar.gz' into the Products directory of your Plone instance.
- Restart Zope
Uninstallation
- Remove 'PloneHotfix20071106' from the Products directory of your Plone instance.
- Restart Zope
Change log
