[CLA-2000:365] Conectiva Linux Security Announcement - Zope
Date: Wed, 20 Dec 2000 16:31:10 -0200
From: [email protected]
To: [email protected]
Subject: [CLA-2000:365] Conectiva Linux Security Announcement - Zope
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE : Zope
SUMMARY : Permission problems
DATE : 2000-12-20 15:52:00
ID : CLA-2000:365
RELEVANT
RELEASES : 4.2, 5.0, 5.1, 6.0
- ----------------------------------------------------------------------
DESCRIPTION
Two hotfixes have been released that address security problems with
Zope-2.1.x:
2000-21-15a: local roles computation. In some situations users with
pivileges in one folder could gain the same privileges on another
folder.
2000-12-18: image updating method. Users with DTML editing privileges
could edit the raw data of a File or Image object via DTML, even
though they did not have editing priveleges on the objects
themselves.
Additionally, the so called POST bug was also fixed, where POST
requests would interfere with each other.
SOLUTION
It is recommended that all Zope users upgrade to the updated
packages.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/Zope-2.1.7-10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-components-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-core-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-pcgi-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-services-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-zpublisher-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-ztemplates-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/Zope-2.1.7-10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-components-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-core-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-pcgi-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-services-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-zpublisher-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-ztemplates-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/Zope-2.1.7-10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-components-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-core-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-pcgi-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-services-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-zpublisher-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-ztemplates-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/Zope-2.1.7-10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-components-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-core-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-pcgi-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-services-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-zpublisher-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-ztemplates-2.1.7-10cl.i386.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- ----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato
- -----------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.conectiva.com.br/suporte/atualizacoes
- ----------------------------------------------------------------------
subscribe: [email protected]
unsubscribe: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6QPrt42jd0JmAcZARAkdlAKCLEhpGVo4rKBcmm4hPpUGFzBL9BACfXIcU
qGgSFTbWDkEcuTVzto4diYQ=
=aj1L
-----END PGP SIGNATURE-----
