Red Hat Bugzilla – Bug 781683
CVE-2011-4462 plone: hash table collisions CPU usage DoS (oCERT-2011-003)
Last modified: 2015-07-31 02:47:30 EDT
Julian Wälde and Alexander Klink reported a flaw in the hash function used in
the implementation of Python dictionaries (associative arrays).
A specially-crafted set of keys could trigger hash function collisions, which
degrade dictionary performance by changing the complexity of hash table
operations from the expected/average O(1) to the worst case O(n). The reporters
were able to find colliding strings efficiently using a meet-in-the-middle attack.
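As an added illustration (not part of the bug report or of Plone/Zope), the following script counts the key comparisons a Python dict performs when every key lands in the same bucket versus when hashes are distinct. It uses a custom key class with a constant __hash__ rather than crafted strings, and also reports whether the interpreter salts str/bytes hashes (the randomization later shipped as Python's mitigation); the Key class and the comparison counter are constructed for this example.

```python
import sys


class Key:
    """Constructed key type: hash is chosen by the caller, __eq__ calls are counted.

    CPython compares hashes first, then identity, then __eq__, so every
    equality call below is a probe that had to walk past a colliding entry.
    """
    eq_calls = 0  # class-wide counter of equality probes

    def __init__(self, name, h):
        self.name = name
        self.h = h

    def __hash__(self):
        return self.h

    def __eq__(self, other):
        Key.eq_calls += 1
        return isinstance(other, Key) and self.name == other.name


def build_dict(n, collide):
    """Insert n keys into a fresh dict and return the __eq__ comparisons needed.

    collide=True  -> all keys share hash 0, the attacker-controlled case;
                     the k-th insert walks the k earlier entries, so the total
                     grows as n(n-1)/2, i.e. O(n) per operation.
    collide=False -> each key has a distinct hash, the expected O(1) case.
    """
    Key.eq_calls = 0
    d = {}
    for i in range(n):
        d[Key("k%d" % i, 0 if collide else i)] = i
    return Key.eq_calls


def compare(n=200):
    """Return (comparisons with colliding hashes, comparisons with distinct hashes)."""
    return build_dict(n, collide=True), build_dict(n, collide=False)


def hash_randomization_enabled():
    """True when str/bytes hashes are salted per process (Python 3.3+ default)."""
    return bool(sys.flags.hash_randomization)


if __name__ == "__main__":
    colliding, distinct = compare()
    print("200 colliding keys: %d key comparisons" % colliding)
    print("200 distinct keys:  %d key comparisons" % distinct)
    print("str hash randomization enabled:", hash_randomization_enabled())
```

Running with `python -R` (or PYTHONHASHSEED unset on Python 3.3+) shows the randomization flag on; note that randomization protects str/bytes keys and does nothing for the constant-hash Key class used here to make the degradation visible.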
conga embeds a copy of Plone (from the source rpm):
This issue affects the version of the conga package as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4.
This issue affects the version of the conga package as shipped with Red Hat Enterprise Linux 5.
This issue affects the version of the plone package, as shipped with Fedora EPEL 5. Please schedule an update once there is a Zope upstream patch available.
Created plone tracking bugs for this issue
Affects: epel-5 [bug 784044]