Computing Systems

Informatics Computing Staff jottings

Plone Security Update

A bit belatedly, we discovered that our two running Plone services were potentially vulnerable to an escalation-of-privileges exploit. Looking through the logs with the checker they provided, together with the fact that we use Cosign authentication for most of our sites, seems to say that our sites have not been compromised in this way. However, the security advisory linked below still suggests it may be worth looking through the membership for your Plone sites to make sure there's no one unexpected on it.

We have now applied their recommended fix, and both the wcms.inf and www.inf Plone instances were restarted around 17:45 yesterday. This would have caused the Plone content to be inaccessible for 30s or so. Looking at the logs, neither site was being actively accessed by humans at the time.

I have now renewed my membership of the Plone announcements list via http://plone.org/follow. Details of the security advisory are at http://plone.org/products/plone/security/advisories/cve-2011-0720

Neil
