[Zope-dev] Security vulnerability CVE 2011-3587: Arbitrary Code Execution
The Zope security response team is announcing a fix for a vulnerability in Zope 2.12.x and Zope 2.13.x that allows execution of arbitrary code by anonymous users. The hotfix for this vulnerability was pre-announced last week.

This is a severe vulnerability that allows an unauthenticated attacker to employ a carefully crafted web request to execute arbitrary commands with the privileges of the Zope service.

Versions Affected: Zope 2.12.x and Zope 2.13.x.
Versions Not Affected: Zope 2.11.x, Zope 2.10.x or prior

You can either install the Hotfix as an egg release from http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE_2011_3587 or as an old-style product release available from http://download.zope.org/Zope2/hotfixes/Zope_Hotfix_CVE_2011_3587-v10.tar.gz.

Alternatively you can upgrade to the latest bugfix release of Zope. Versions 2.12.20 and 2.13.10 will be released today and include the fix for this vulnerability.

Please refer to http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587 for more details.

The Plone community has also released a security hotfix today covering an additional security issue. If you are using Plone, please refer to http://plone.org/products/plone/security/advisories/20110928.

On behalf of the Zope security response team,
Hanno Schlichting
[Zope-dev] zope-tests - FAILED: 19, OK: 37
This is the summary for test reports received on the zope-tests list between 2011-10-03 00:00:00 UTC and 2011-10-04 00:00:00 UTC:

See the footnotes for test reports of unsuccessful builds.

An up-to date view of the builders is also available in our buildbot documentation: http://docs.zope.org/zopetoolkit/process/buildbots.html#the-nightly-builds

Reports received

     Bluebream / Python2.5.5 64bit linux
     Bluebream / Python2.6.5 64bit linux
     Bluebream / Python2.7.2 64bit linux
     ZTK 1.0 / Python2.4.6 Linux 64bit
     ZTK 1.0 / Python2.5.5 Linux 64bit
     ZTK 1.0 / Python2.6.5 Linux 64bit
[1]  ZTK 1.0dev / Python2.4.6 Linux 64bit
[2]  ZTK 1.0dev / Python2.5.5 Linux 64bit
[3]  ZTK 1.0dev / Python2.6.5 Linux 64bit
[4]  ZTK 1.1 / Python2.5.5 Linux 64bit
[5]  ZTK 1.1 / Python2.6.5 Linux 64bit
[6]  ZTK 1.1 / Python2.7.2 Linux 64bit
[7]  ZTK 1.1dev / Python2.5.5 Linux 64bit
[8]  ZTK 1.1dev / Python2.6.5 Linux 64bit
[9]  ZTK 1.1dev / Python2.7.2 Linux 64bit
     Zope 3.4 KGS / Python2.4.6 64bit linux
[10] Zope 3.4 KGS / Python2.5.5 64bit linux
     Zope 3.4 Known Good Set / py2.4-32bit-linux
     Zope 3.4 Known Good Set / py2.4-64bit-linux
     Zope 3.4 Known Good Set / py2.5-32bit-linux
     Zope 3.4 Known Good Set / py2.5-64bit-linux
     Zope-2.10 Python-2.4.6 : Linux
     Zope-2.11 Python-2.4.6 : Linux
     Zope-2.12 Python-2.6.6 : Linux
     Zope-2.12-alltests Python-2.6.6 : Linux
     Zope-2.13 Python-2.6.6 : Linux
     Zope-2.13-alltests Python-2.6.6 : Linux
     Zope-trunk Python-2.6.6 : Linux
     Zope-trunk-alltests Python-2.6.6 : Linux
     winbot / ZODB_dev py_254_win32
     winbot / ZODB_dev py_265_win32
     winbot / ZODB_dev py_265_win64
     winbot / ZODB_dev py_270_win32
     winbot / ZODB_dev py_270_win64
[11] winbot / z3c.baseregistry_py_265_32
[12] winbot / z3c.contents_py_265_32
[13] winbot / z3c.form_py_265_32
[14] winbot / z3c.formui_py_265_32
[15] winbot / z3c.layer.ready2go_py_265_32
[16] winbot / z3c.macro_py_265_32
[17] winbot / z3c.pagelet_py_265_32
[18] winbot / z3c.tabular_py_265_32
[19] winbot / z3c.template_py_265_32
     winbot / ztk_10 py_254_win32
     winbot / ztk_10 py_265_win32
     winbot / ztk_10 py_265_win64
     winbot / ztk_11 py_254_win32
     winbot / ztk_11 py_265_win32
     winbot / ztk_11 py_265_win64
     winbot / ztk_11 py_270_win32
     winbot / ztk_11 py_270_win64
     winbot / ztk_dev py_254_win32
     winbot / ztk_dev py_265_win32
     winbot / ztk_dev py_265_win64
     winbot / ztk_dev py_270_win32
     winbot / ztk_dev py_270_win64

Non-OK results

[1]  FAILED ZTK 1.0dev / Python2.4.6 Linux 64bit
     https://mail.zope.org/pipermail/zope-tests/2011-October/050575.html
[2]  FAILED ZTK 1.0dev / Python2.5.5 Linux 64bit
     https://mail.zope.org/pipermail/zope-tests/2011-October/050577.html
[3]  FAILED ZTK 1.0dev / Python2.6.5 Linux 64bit
     https://mail.zope.org/pipermail/zope-tests/2011-October/050576.html
[4]  FAILED ZTK 1.1 / Python2.5.5 Linux 64bit
     https://mail.zope.org/pipermail/zope-tests/2011-October/050557.html
[5]  FAILED ZTK 1.1 / Python2.6.5 Linux 64bit
     https://mail.zope.org/pipermail/zope-tests/2011-October/050556.html
[6]  FAILED ZTK 1.1 / Python2.7.2 Linux 64bit
     https://mail.zope.org/pipermail/zope-tests/2011-October/050555.html
[7]  FAILED ZTK 1.1dev / Python2.5.5 Linux 64bit
     https://mail.zope.org/pipermail/zope-tests/2011-October/050565.html
[8]  FAILED ZTK 1.1dev / Python2.6.5 Linux 64bit
     https://mail.zope.org/pipermail/zope-tests/2011-October/050564.html
[9]  FAILED ZTK 1.1dev / Python2.7.2 Linux 64bit
     https://mail.zope.org/pipermail/zope-tests/2011-October/050566.html
[10] FAILED Zope 3.4 KGS / Python2.5.5 64bit linux
     https://mail.zope.org/pipermail/zope-tests/2011-October/050587.html
[11] FAILED winbot / z3c.baseregistry_py_265_32
     https://mail.zope.org/pipermail/zope-tests/2011-October/050581.html
[12] FAILED winbot / z3c.contents_py_265_32
     https://mail.zope.org/pipermail/zope-tests/2011-October/050580.html
[13] FAILED winbot / z3c.form_py_265_32
     https://mail.zope.org/pipermail/zope-tests/2011-October/050573.html
[14] FAILED winbot / z3c.formui_py_265_32
     https://mail.zope.org/pipermail/zope-tests/2011-October/050574.html
[15] FAILED winbot / z3c.layer.ready2go_py_265_32
     https://mail.zope.org/pipermail/zope-tests/2011-October/050585.html
[16] FAILED winbot / z3c.macro_py_265_32
     https://mail.zope.org/pipermail/zope-tests/2011-October/050583.html
[17] FAILED winbot / z3c.pagelet_py_265_32
     https://mail.zope.org/pipermail/zope-tests/2011-October/050584.html
[18] FAILED winbot / z3c.tabular_py_265_32
     https://mail.zope.org/pipermail/zope-tests/2011-October/050579.html
[19] FAILED winbot