[triangle-zpug] Important Hotfix for Plone

Rob Lineberger rob_lineberger at med.unc.edu
Tue Nov 6 20:00:54 UTC 2007


If you have a plone site, better look at this. They've made it a warning
on the main page of plone and SteveM is urging everyone to hotfix
immediately.

CVE-2007-5741: unsafe data interpreted as pickles
by Wichert Akkerman — last modified November 6, 2007 - 09:40 

This hotfix corrects a vulnerability in the statusmessages and
linkintegrity modules, where unsafe network data was interpreted as
python pickles. This allows an attacker to run arbitrary python code
within the Zope/Plone process.






More information about the triangle-zpug mailing list