[Zope] Hotfix for security vulnerability
Encolpe Degoute
encolpe.degoute at quadra-informatique.fr
Tue Oct 25 10:52:33 UTC 2011
Hello,
Both of these URLs are not available:
- http://download.zope.org/Zope2/index/2.12.21/versions.cfg
- http://download.zope.org/Zope2/index/2.13.11/versions.cfg
Regards,
Encolpe DEGOUTE
On 24/10/2011 23:54, Tres Seaver wrote:
> On behalf of the Zope security response team, I would like to announce
> the availability of a hotfix for a vulnerability inadvertently
> published earlier today.
>
> 'Products.Zope_Hotfix_20111024' README
> ======================================
>
> Overview
> --------
>
> This hotfix addresses a serious vulnerability in the Zope2
> application server. Affected versions of Zope2 include:
>
> - 2.12.x <= 2.12.20
>
> - 2.13.x <= 2.13.6
>
> Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
>
> The Zope2 security response team recommends that all users of
> these releases upgrade to an unaffected release (2.12.21 or
> 2.13.11) as soon as they become available.
>
> Until that upgrade is feasible, deploying this hotfix also
> mitigates the vulnerability.
>
>
> Installing the Hotfix: Via 'easy_install'
> -------------------------------------------
>
> If the Python which runs your Zope instance has 'setuptools'
> installed (or is a 'virtualenv'), you can install the hotfix
> directly from PyPI::
>
> $ /prefix/bin/easy_install Products.Zope_Hotfix_20111024
>
> and then restart the Zope instance, e.g.:
>
> $ /path/to/instance/bin/zopectl restart
>
>
> Installing the Hotfix: Via 'zc.buildout'
> -----------------------------------------
>
> If your Zope instance is managed via 'zc.buildout', you can
> install the hotfix directly from PyPI. Edit the 'buildout.cfg'
> file, adding "Products.Zope_Hotfix_20111024" to the "eggs"
> section of the instance. E.g.::
>
> [instance]
> recipe = plone.recipe.zope2instance
> #...
> eggs =
>     ${buildout:eggs}
>     Products.Zope_Hotfix_20111024
>
> Next, re-run the buildout::
>
> $ /path/to/buildout/bin/buildout
>
> and then restart the Zope instance, e.g.:
>
> $ /path/to/buildout/bin/instance restart
>
>
> Installing the Hotfix: Manual Installation
> -------------------------------------------
>
> You may also install this hotfix manually. Download the tarball from
> the PyPI page:
>
> http://pypi.python.org/pypi/Products.Zope_Hotfix_20111024
>
> Unpack the tarball and add a 'products' key to the 'etc/zope.conf' of
> your instance. E.g.::
>
> products /path/to/Products.Zope_Hotfix_20111024/Products
>
> and restart.
>
>
> Verifying the Installation
> --------------------------
>
> After restarting the Zope instance, check the
> 'Control_Panel/Products' folder in the Zope Management Interface,
> e.g.:
>
> http://localhost:8080/Control_Panel/Products/manage_main
>
> You should see the 'Zope_Hotfix_20111024' product folder there.
>
>
>
> Tres.
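An added example, not part of the thread or of the hotfix's own code: a Python check that applies the affected ranges from the quoted README to a `buildout.cfg` and reports which `plone.recipe.zope2instance` parts still lack the hotfix egg. It assumes Zope2 is pinned in a `[versions]` section and that `${buildout:eggs}` is the only reference that needs expanding; the sample config is constructed.

```python
import configparser
import re

# Affected ranges as stated in the quoted README: 2.12.x <= 2.12.20, 2.13.x <= 2.13.6
AFFECTED_MAX = {(2, 12): 20, (2, 13): 6}
HOTFIX = "Products.Zope_Hotfix_20111024"

# Constructed sample buildout.cfg for illustration (not taken from the thread)
SAMPLE = """\
[buildout]
eggs = Plone
[versions]
Zope2 = 2.13.6
[instance]
recipe = plone.recipe.zope2instance
eggs =
    ${buildout:eggs}
    Products.Zope_Hotfix_20111024
[legacy]
recipe = plone.recipe.zope2instance
eggs = ${buildout:eggs}
"""


def zope2_affected(version):
    """True if the Zope2 version string falls in the README's affected ranges."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError("unrecognised Zope2 version: %r" % version)
    major, minor, micro = (int(g or 0) for g in m.groups())
    limit = AFFECTED_MAX.get((major, minor))
    return limit is not None and micro <= limit


def audit_buildout(cfg_text):
    """Map each zope2instance part to 'ok', 'hotfixed' or 'VULNERABLE'."""
    cp = configparser.RawConfigParser(strict=False)  # raw: leave ${...} untouched
    cp.read_string(cfg_text)
    affected = zope2_affected(cp.get("versions", "Zope2", fallback=""))
    shared = cp.get("buildout", "eggs", fallback="").split()
    report = {}
    for part in cp.sections():
        eggs = cp.get(part, "eggs", fallback="").split()
        if "${buildout:eggs}" in eggs:
            eggs = eggs + shared  # expand the reference used in the README's example
        if cp.get(part, "recipe", fallback="") == "plone.recipe.zope2instance":
            report[part] = ("ok" if not affected else
                            "hotfixed" if HOTFIX in eggs else "VULNERABLE")
    return report
```

A part reported as `hotfixed` only means the egg is listed; the README's `Control_Panel/Products` check after a restart is still what confirms the product actually loaded.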