Thank you very much!
Roberto
On 30/05/13 08.51, Yuri wrote:
-------- Original message --------
Subject: [Plone-Users] Fwd: Vulnerability in PloneFormGen —
Updated announcement
Date: Wed, 29 May 2013 10:31:16 -0700
From: Steve McMahon <[email protected]>
To: plone_users <[email protected]>, Plone
Developers <[email protected]>
PloneFormGen <http://plone.org/products/ploneformgen>, a widely used
response-form-creation add-on for the Plone Content Management System,
has been discovered to have a serious vulnerability that allows an
anonymous attacker to execute arbitrary code with the privileges of
the system user running the server.

Installations of Plone that do not use the PloneFormGen add-on are not
affected by this vulnerability.

The vulnerability is present in PloneFormGen versions 1.7.4
(2012-11-04) through 1.7.8. Users of any of these versions should
immediately upgrade to Products.PloneFormGen version 1.7.11
<https://pypi.python.org/pypi/Products.PloneFormGen/1.7.11>. 1.7.11
has been released today to the Plone and Python package repositories.

Another serious vulnerability affects most earlier versions of
PloneFormGen. This vulnerability affects forms that have custom script
adapters, and allows an anonymous attacker to gain control over the
handling of data submitted through the form. This vulnerability is
addressed in version 1.7.9. Users of PloneFormGen in the 1.6 series,
which runs on Plone 3.x, 4.0 and 4.1 should upgrade to version 1.6.7
<https://pypi.python.org/pypi/Products.PloneFormGen/1.6.7>, also
released today.

Help for installing the upgrade is available on the #plone IRC
channel <http://plone.org/support/chat> and forums
<https://plone.org/support/forums>. Upgrading an already installed
package requires you to specify the new version number in your
buildout configuration file
<https://weblion.psu.edu/trac/weblion/wiki/VersionPinning> and run
buildout.

Thanks to The Code Distillery's security analysts for the responsible
disclosure of the vulnerabilities, and for their suggestions for
addressing the issues.
_______________________________________________
Plone-IT mailing list
[email protected]
https://lists.plone.org/mailman/listinfo/plone-plone-it
http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
--
*dott. Roberto Rascioni - Ufficio Web, E-Learning, Sviluppo & Ricerca *
CSIA - Università degli studi di Macerata
Vicolo Tornabuoni, 58 - 62100 Macerata
Tel +39 0733.258.4408 - Fax +39 0733.258.4415
http://www.unimc.it
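As an added example (not part of the original announcement and not PloneFormGen code), this Python script reads the Products.PloneFormGen pin from a buildout configuration and maps it onto the version ranges named in the announcement above. The `[versions]` section name, the constructed sample configuration and the function names are assumptions.

```python
import configparser
import re

PACKAGE = "Products.PloneFormGen"

# Constructed sample buildout configuration (not from the announcement).
SAMPLE = """\
[buildout]
versions = versions
eggs =
    Plone
    Products.PloneFormGen

[versions]
Products.PloneFormGen = 1.7.8
"""

def pinned_version(buildout_text, section="versions"):
    """Return the pin for PACKAGE; the section name is an assumption."""
    cp = configparser.RawConfigParser(strict=False)
    cp.optionxform = str  # keep package names case-sensitive
    cp.read_string(buildout_text)
    return cp.get(section, PACKAGE) if cp.has_option(section, PACKAGE) else None

def classify(version):
    """Map a version string onto the ranges named in the announcement."""
    if not re.fullmatch(r"\d+(\.\d+)*", version.strip()):
        return "unknown: non-numeric version, check manually"
    parts = [int(p) for p in version.strip().split(".")]
    v = tuple((parts + [0, 0, 0])[:3])  # compare on major.minor.patch
    if (1, 7, 4) <= v <= (1, 7, 8):
        return "code execution issue: upgrade to 1.7.11"
    if v[:2] == (1, 6) and v < (1, 6, 7):
        return "1.6 series: upgrade to 1.6.7"
    # The announcement says "most earlier versions" have this second issue.
    if v < (1, 6) or (1, 7) <= v < (1, 7, 9):
        return "script adapter issue: addressed in 1.7.9"
    return "not listed as affected"

if __name__ == "__main__":
    pin = pinned_version(SAMPLE)
    print(PACKAGE, pin, "->", classify(pin) if pin else "no pin found")
```

A missing pin returns `None`, which means buildout is free to pick any version, so the installed egg has to be checked directly in that case.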