2012 went by smoothly... what do you expect? :)

2013/6/5 Vito Falco <[email protected]>

> ufff
>
> 2013/6/5 Yuri <[email protected]>
>
>> Security vulnerability announcement: 20130611 - Multiple vectors
>> <http://feedproxy.google.com/%7Er/plonenews/%7E3/QplvNHXQ-Hc/20130611-announcement?utm_source=feedburner&utm_medium=email>
>>
>> Posted: 31 May 2013 03:26 AM PDT
>>
>> CVE numbers not yet issued.
>>
>> *Versions Affected:* All current Plone versions.
>>
>> *Versions Not Affected:* None.
>>
>> *This is a pre-announcement.* Due to the severity of some of these
>> issues, we are providing an advance warning of an upcoming patch. The
>> patch will be released on this page
>> <http://plone.org/products/plone-hotfix/releases/20121106> at
>> *2013-06-11 15:00 UTC
>> <http://www.timeanddate.com/worldclock/fixedtime.html?msg=Plone+security+patch+release&iso=20130611T15>*.
>>
>>
>> What You Should Do in Advance of Patch Availability
>>
>> Due to the nature of the vulnerability, the security team has decided to
>> pre-announce that a fix is upcoming before disclosing the details. This is
>> to ensure that concerned users can plan around the release. As the fix
>> being published will make the details of the vulnerability public, we are
>> recommending that all users plan a maintenance window for the 60 minutes
>> following the announcement in which to install the fix.
>>
>> Meanwhile, we STRONGLY recommend that you take the following steps to
>> protect your site:
>>
>> 1. Make sure that the Zope/Plone service is running with minimum
>>    privileges. Ideally, the Zope and ZEO services should be able to
>>    write only to log and data directories.
>> 2. Use an intrusion detection system that monitors key system resources
>>    for unauthorized changes.
>> 3. Monitor your Zope, reverse-proxy request and system logs for unusual
>>    activity.
>>
>> These are standard precautions that should be employed on any production
>> system.
>>
>>
>> Extra Help
>>
>> Should you not have in-house server administrators or a service agreement
>> looking after your website, you can find consulting companies on
>> plone.net <http://plone.net/>.
>>
>> There is also free support available online via Plone mailing lists and
>> the Plone IRC channels.
>>
>> *Q: When will the patch be made available?*
>> A: The Plone Security Team will release the patch at 2013-06-11 15:00
>> UTC.
>>
>> *Q. What will be involved in applying the patch?*
>> A. Patches are made available as tarball-style archives that may be
>> unpacked into the products folder of a buildout installation and as Python
>> packages that may be installed by editing a buildout configuration file and
>> running buildout. Patching is generally easy and quick to accomplish.
>>
>> *Q: How were these vulnerabilities found?*
>> A: The majority of issues were found as part of audits performed by the
>> Plone Security team. A subset were reported by users. More details will be
>> available upon release of the patch.
>>
>> *Q: My site is highly visible and mission-critical. I hear the patch has
>> already been developed. Can I get the fix before the release date?*
>> A: No. The patch will be made available to *all users at the same time*.
>> There are no exceptions.
>>
>> *Q: If the patch has been developed already, why isn't it made available
>> to the public now?*
>> A: The Security Team is still testing the patch and running various
>> scenarios thoroughly. The team is also making sure everybody has
>> appropriate time to plan to patch their Plone installation(s). Some
>> consultancy organizations have hundreds of sites to patch and need the
>> extra time to coordinate their efforts with their clients.
>>
>> *Q: How does one exploit the vulnerability?*
>> A: This information will not be made public until after the patch is
>> made available.
>>
>> *General questions about this announcement*, Plone patching procedures,
>> and availability of support may be addressed to the Plone support forums.
>> If you have *specific questions* about this vulnerability or its
>> handling, contact the Plone Security Team <mailto:[email protected]>.
>>
>> *To report potentially security-related issues,* e-mail the Plone
>> Security Team at [email protected]. We are always happy to credit
>> individuals and companies who make responsible disclosures.
>>
>>
>> Information for Vulnerability Database Maintainers
>>
>> We will issue individual advice on each issue, including CVSS2 and CWE
>> identifiers when the patch is released. We currently do not have CVE
>> numbers assigned, but are in the process of applying.
>>
>> _______________________________________________
>> Plone-IT mailing list
>> [email protected]
>> https://lists.plone.org/mailman/listinfo/plone-plone-it
>> http://plone-regional-forums.221720.n2.nabble.com/Plone-Italy-f221721.html
>
> --
> *Vito Falco*
> Webdeveloper & designer freelance, Plone enthusiast
> Bari, IT
> tel +39 3346330137 | skype vito80ba | twitter vito80ba
> Linkedin http://it.linkedin.com/in/vitof

--
bye
SauZheR
************************************
Iteration is human... recursion, divine!
************************************
reply to: sauzher AT gmail DOT com
