
Plone Hotfix 20071106

This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as Python pickles. This allows an attacker to run arbitrary Python code within the Zope/Plone process.

For additional information about this project, please visit the project page.

Available downloads

PloneHotfix20071106.tar.gz

For all platforms (4.6 kB)

Release Notes

Tested with: Plone 3.0, Plone 2.5
State: Final release
License: GPL
Release Manager: Plone Security Response Team
Released: 2007/11/06

Plone Hotfix 2007-11-06

This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as Python pickles. This allows an attacker to run arbitrary Python code within the Zope/Plone process.
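The class of bug described above, shown from the defending side as an added example (this is not code from the hotfix or from Plone): a pickle can name any importable callable, so network bytes must either be decoded with global lookups refused or carried in a format with no code path at all. All function names and the `(text, type)` message shape are assumptions made for illustration.

```python
import io
import json
import pickle


class DataOnlyUnpickler(pickle.Unpickler):
    """Refuse every global lookup, so a payload can only rebuild plain data."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError("global %s.%s refused" % (module, name))


def load_untrusted_pickle(data):
    """Decode network bytes without resolving any importable name."""
    return DataOnlyUnpickler(io.BytesIO(data)).load()


def encode_messages(messages):
    """Preferred design: carry (text, type) pairs as JSON instead of a pickle."""
    return json.dumps([[text, kind] for text, kind in messages]).encode("utf-8")


def decode_messages(data):
    """Parse and shape-check the JSON form; anything unexpected yields []."""
    try:
        items = json.loads(data.decode("utf-8"))
    except ValueError:  # covers both bad UTF-8 and bad JSON
        return []
    if not isinstance(items, list):
        return []
    for item in items:
        if not (isinstance(item, list) and len(item) == 2
                and all(isinstance(part, str) for part in item)):
            return []
    return [(text, kind) for text, kind in items]


# Constructed sample inputs (not captured traffic).
PLAIN = pickle.dumps([("Changes saved.", "info")])
# A pickle that references a global; the harmless builtin len stands in for
# any importable callable that plain pickle.loads() would resolve.
WITH_GLOBAL = pickle.dumps(len)

if __name__ == "__main__":
    print(load_untrusted_pickle(PLAIN))
    try:
        load_untrusted_pickle(WITH_GLOBAL)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
    print(decode_messages(encode_messages([("Changes saved.", "info")])))
```

Refusing globals blocks the code-execution path only; a size limit on the input is still needed against oversized payloads.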

Affected versions

This hotfix applies to Plone 2.5 up to and including 2.5.4, and Plone 3.0 up to and including 3.0.2.

These fixes will be included in the upcoming 2.5.5 and 3.0.3 releases, at which point this hotfix can be removed.

Earlier Plone releases (versions 2.1.x and below) are not affected.

Installation

  • Untar 'PloneHotfix20071106.tar.gz' into the Products directory of your Plone instance.
  • Restart Zope

Uninstallation

  • Remove 'PloneHotfix20071106' from the Products directory of your Plone instance.
  • Restart Zope

Change log

 

by Martijn Pieters last modified November 17, 2007 - 00:18
