[Zope] ANNOUNCE: cgi.py vulnerability hotfix for Zope...
Brian Lloyd
brian@digicool.com
Wed, 25 Jul 2001 16:37:19 -0400
This hotfix addresses a potential denial-of-service vulnerability
in applications that use the Python cgi module (cgi.py) for parsing
of "multipart" Web form data (Zope uses this functionality internally).
More detailed information is available in the Python bug tracker at
SourceForge:
http://sourceforge.net/tracker/?group_id=5470&atid=105470&func=detail&aid=443120
While we are not aware of any instances of abuse of this
vulnerability, we *highly* recommend that any Zope site running versions
of Zope up to and including 2.4.0 have this hotfix product installed
to mitigate this issue. (Zope 2.4.1 will not require the
installation of a separate hotfix.)
http://www.zope.org/Products/Zope/Hotfix_2001-07-25/README.txt
http://www.zope.org/Products/Zope/Hotfix_2001-07-25/Hotfix_2001-07-25.tgz
Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com