[Plone-IT] Fwd: [Plone-Users] Security Announcement: Severe Vulnerability - Patch Pre-Announcement

Fabrizio Rota fabrizio.rota at gmail.com
Thu 29 Sep 2011 17:14:52 UTC


This reminds me a lot of the privilege escalations of the other times........

2011/9/29 Yuri <yurj at alfa.it>

> oh, no, again! :-D
>
> -------- Original Message --------
> Subject: [Plone-Users] Security Announcement: Severe Vulnerability - Patch Pre-Announcement
> Date: Wed, 28 Sep 2011 13:54:49 -0700
> From: Steve McMahon <steve at dcn.org>
> To: plone_users <plone-users at lists.sourceforge.net>,
> Plone Developers <plone-developers at lists.sourceforge.net>
>
> During a security audit conducted by a member of the Plone Security Team, a
> severe vulnerability was discovered in Zope 2.12.x and Zope 2.13.x that
> allows execution of arbitrary code by anonymous users.
>
> The vulnerability affects Plone 4.0 (through 4.0.9); Plone 4.1; Plone 4.2
> (a1 and a2); Zope 2.12.x and Zope 2.13.x. It allows an unauthenticated
> attacker to employ a carefully crafted web request to execute arbitrary
> commands with the privileges of the Zope/Plone service.
>
> *A patch will be available 2011-10-04, at 15:00 UTC.*
>
> Please carefully read
> http://plone.org/products/plone/security/advisories/20110928 for more details.
>
> *General questions about this announcement*, Plone patching procedures,
> and availability of support may be addressed to the Plone support forums
> <http://plone.org/support>. If you have *specific questions* about this
> vulnerability or its handling, contact the Plone Security Team
> <mailto:security at plone.org>.
>
> *To report potentially security-related issues*, please send a mail to the
> Plone Security Team at security at plone.org <mailto:security at plone.org>. The
> security team is always happy to credit individuals and companies who make
> responsible disclosures.



-- 
Fabrizio
--------------------
"Life is what happens to you while you're busy making other plans" - J.
Lennon

“If you think education is expensive, try ignorance” - D. Bok

Life is like a game of cards. The hand you are dealt is determinism; the way
you play it is free will - Jawaharlal Nehru