Julian Wälde and Alexander Klink reported a flaw in the hash function used in the implementation of Python dictionaries (associative arrays). A specially crafted set of keys could trigger hash function collisions, which degrade dictionary performance by changing the complexity of hash table operations from the expected/average O(1) to the worst case O(n). The reporters were able to find colliding strings efficiently using a meet-in-the-middle attack.

conga embeds a copy of Plone (from the source rpm):
conga-0.12.2.tar.gz
luci_db-0.12.2-4.tar.gz
plib-1.8.5
plib-1.8.5.tar.gz
Plone-2.5.5.tar.gz
Zope-2.9.8-final.tgz
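The O(1) to O(n) degradation described above, shown on a toy table rather than on Python's own dict. This is an added example written for this page; it is not code from the bug report or from Python, Plone or Zope. It uses a minimal separate-chaining hash table with two hash functions: an unkeyed byte-sum hash (constructed stand-in for a predictable hash, where any anagrams collide) and a hash mixed with a per-process secret (the mitigation idea: keys cannot be chosen to collide without knowing the secret). The `anagram_keys` input is constructed; `interpreter_hash_randomized` assumes a Python that exposes `sys.flags.hash_randomization` and reports False otherwise.

```python
import hashlib
import os
import sys
from itertools import permutations


def weak_hash(key: str) -> int:
    """Unkeyed toy hash: sum of the key's bytes. Every anagram of a string
    lands in the same bucket, standing in for a predictable string hash."""
    return sum(key.encode())


def make_keyed_hash(secret: bytes):
    """Return a hash mixed with a secret (keyed BLAKE2b). Without the secret,
    a caller cannot craft keys that share a bucket: the mitigation idea."""
    def keyed_hash(key: str) -> int:
        digest = hashlib.blake2b(key.encode(), key=secret, digest_size=8).digest()
        return int.from_bytes(digest, "big")
    return keyed_hash


class ChainedTable:
    """Minimal separate-chaining hash table; the probe count exposes O(1) vs O(n)."""

    def __init__(self, hash_fn, buckets: int = 64):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(buckets)]

    def insert(self, key: str, value) -> int:
        """Insert key; return how many chain entries were touched on the way."""
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (k, _) in enumerate(chain):
            if k == key:
                chain[i] = (key, value)
                return i + 1
        chain.append((key, value))
        return len(chain)

    def longest_chain(self) -> int:
        return max(len(chain) for chain in self.buckets)


def anagram_keys(base: str = "abcdefgh", count: int = 200) -> list:
    """Constructed sample input: distinct anagrams, all with the same byte sum."""
    keys = []
    for perm in permutations(base):
        keys.append("".join(perm))
        if len(keys) == count:
            break
    return keys


def total_probes(table: ChainedTable, keys) -> int:
    return sum(table.insert(key, None) for key in keys)


def compare(keys, secret: bytes = None) -> dict:
    """Insert the same keys into a weakly hashed and a keyed table."""
    secret = secret if secret is not None else os.urandom(16)
    weak = ChainedTable(weak_hash)
    keyed = ChainedTable(make_keyed_hash(secret))
    return {
        "weak_probes": total_probes(weak, keys),        # n(n+1)/2 for n colliding keys
        "weak_longest_chain": weak.longest_chain(),     # every key in one bucket
        "keyed_probes": total_probes(keyed, keys),
        "keyed_longest_chain": keyed.longest_chain(),
    }


def interpreter_hash_randomized() -> bool:
    """Defender check: does this interpreter randomize str hashes?
    Assumes sys.flags.hash_randomization exists; older builds report False."""
    return bool(getattr(sys.flags, "hash_randomization", 0))


if __name__ == "__main__":
    print(compare(anagram_keys()))
    print("hash randomization enabled:", interpreter_hash_randomized())
```

With 200 anagram keys the weak table performs 1 + 2 + ... + 200 = 20100 comparisons and ends with a single 200-entry chain, while the keyed table spreads the same keys over its 64 buckets. The check at the end is the quick thing to run on a deployed interpreter: a False answer means string hashes are still predictable and the application has to bound the number of attacker-supplied keys it stores itself.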
This issue affects the version of the conga package as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4.

This issue affects the version of the conga package as shipped with Red Hat Enterprise Linux 5.

--

This issue affects the version of the plone package as shipped with Fedora EPEL 5. Please schedule an update once a Zope upstream patch is available.
Statement: (none)
Created plone tracking bugs for this issue

Affects: epel-5 [bug 784044]