5856125 2000-12-12 17:10 -0500 /186 rader/ <redhat-announce-list-admin@redhat.com> Sänt av: mail@mail.nation.liu.se Importerad: 2000-12-13 22:26 av Brevbäraren (som är implementerad i) Python Extern mottagare: redhat-watch-list@redhat.com Extern kopiemottagare: security-alert@linuxsecurity.com Extern kopiemottagare: bugtraq@securityfocus.com Extern kopiemottagare: linux-security@redhat.com Externa svar till: redhat-announce-list@redhat.com Mottagare: Red Hat Announce (import) <1707> Sänt: 2000-12-13 22:28 Ärende: [RHSA-2000:125-02] New Zope packages are available. ------------------------------------------------------------ --------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: New Zope packages are available. Advisory ID: RHSA-2000:125-02 Issue date: 2000-12-12 Updated on: 2000-12-12 Product: Red Hat Powertools Keywords: N/A Cross references: N/A --------------------------------------------------------------------- 1. Topic: Vulnerability in legacy names allows calling those contructors without the correct permissions. 2. Relevant releases/architectures: Red Hat Powertools 6.1 - i386, alpha, sparc Red Hat Powertools 6.2 - i386, alpha, sparc Red Hat Powertools 7.0 - i386, alpha 3. Problem description: A vulnerablity exists in previously released versions of Zope where users can create new DTML method instances through the Web without having the correct permissions. 4. Solution: For each RPM for your particular architecture, run: rpm -Fvh [filename] where filename is the name of the RPM. Make sure that you have applied all updates for Apache if you are using the Zope-pcgi package. NOTE: This errata supercedes all other advisories from Red Hat concerning Zope. 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info): N/A 6. RPMs required: Red Hat Powertools 6.2: alpha: ftp://updates.redhat.com/powertools/6.2/alpha/Zope-2.2.4-3.alpha.rpm ftp://updates.redhat.com/powertools/6.2/alpha/Zope-components-2.2.4-3.alpha.rpm ftp://updates.redhat.com/powertools/6.2/alpha/Zope-core-2.2.4-3.alpha.rpm ftp://updates.redhat.com/powertools/6.2/alpha/Zope-pcgi-2.2.4-3.alpha.rpm ftp://updates.redhat.com/powertools/6.2/alpha/Zope-services-2.2.4-3.alpha.rpm ftp://updates.redhat.com/powertools/6.2/alpha/Zope-zpublisher-2.2.4-3.alpha.rpm ftp://updates.redhat.com/powertools/6.2/alpha/Zope-zserver-2.2.4-3.alpha.rpm ftp://updates.redhat.com/powertools/6.2/alpha/Zope-ztemplates-2.2.4-3.alpha.rpm sparc: ftp://updates.redhat.com/powertools/6.2/sparc/Zope-2.2.4-3.sparc.rpm ftp://updates.redhat.com/powertools/6.2/sparc/Zope-components-2.2.4-3.sparc.rpm ftp://updates.redhat.com/powertools/6.2/sparc/Zope-core-2.2.4-3.sparc.rpm ftp://updates.redhat.com/powertools/6.2/sparc/Zope-pcgi-2.2.4-3.sparc.rpm ftp://updates.redhat.com/powertools/6.2/sparc/Zope-services-2.2.4-3.sparc.rpm ftp://updates.redhat.com/powertools/6.2/sparc/Zope-zpublisher-2.2.4-3.sparc.rpm ftp://updates.redhat.com/powertools/6.2/sparc/Zope-zserver-2.2.4-3.sparc.rpm ftp://updates.redhat.com/powertools/6.2/sparc/Zope-ztemplates-2.2.4-3.sparc.rpm i386: ftp://updates.redhat.com/powertools/6.2/i386/Zope-2.2.4-3.i386.rpm ftp://updates.redhat.com/powertools/6.2/i386/Zope-components-2.2.4-3.i386.rpm ftp://updates.redhat.com/powertools/6.2/i386/Zope-core-2.2.4-3.i386.rpm ftp://updates.redhat.com/powertools/6.2/i386/Zope-pcgi-2.2.4-3.i386.rpm ftp://updates.redhat.com/powertools/6.2/i386/Zope-services-2.2.4-3.i386.rpm ftp://updates.redhat.com/powertools/6.2/i386/Zope-zpublisher-2.2.4-3.i386.rpm ftp://updates.redhat.com/powertools/6.2/i386/Zope-zserver-2.2.4-3.i386.rpm ftp://updates.redhat.com/powertools/6.2/i386/Zope-ztemplates-2.2.4-3.i386.rpm sources: ftp://updates.redhat.com/powertools/6.2/SRPMS/Zope-2.2.4-3.src.rpm Red Hat Powertools 7.0: alpha: ftp://updates.redhat.com/powertools/7.0/alpha/Zope-2.2.4-4.alpha.rpm ftp://updates.redhat.com/powertools/7.0/alpha/Zope-components-2.2.4-4.alpha.rpm ftp://updates.redhat.com/powertools/7.0/alpha/Zope-core-2.2.4-4.alpha.rpm ftp://updates.redhat.com/powertools/7.0/alpha/Zope-pcgi-2.2.4-4.alpha.rpm ftp://updates.redhat.com/powertools/7.0/alpha/Zope-services-2.2.4-4.alpha.rpm ftp://updates.redhat.com/powertools/7.0/alpha/Zope-zpublisher-2.2.4-4.alpha.rpm ftp://updates.redhat.com/powertools/7.0/alpha/Zope-zserver-2.2.4-4.alpha.rpm ftp://updates.redhat.com/powertools/7.0/alpha/Zope-ztemplates-2.2.4-4.alpha.rpm i386: ftp://updates.redhat.com/powertools/7.0/i386/Zope-2.2.4-4.i386.rpm ftp://updates.redhat.com/powertools/7.0/i386/Zope-components-2.2.4-4.i386.rpm ftp://updates.redhat.com/powertools/7.0/i386/Zope-core-2.2.4-4.i386.rpm ftp://updates.redhat.com/powertools/7.0/i386/Zope-pcgi-2.2.4-4.i386.rpm ftp://updates.redhat.com/powertools/7.0/i386/Zope-services-2.2.4-4.i386.rpm ftp://updates.redhat.com/powertools/7.0/i386/Zope-zpublisher-2.2.4-4.i386.rpm ftp://updates.redhat.com/powertools/7.0/i386/Zope-zserver-2.2.4-4.i386.rpm ftp://updates.redhat.com/powertools/7.0/i386/Zope-ztemplates-2.2.4-4.i386.rpm sources: ftp://updates.redhat.com/powertools/7.0/SRPMS/Zope-2.2.4-4.src.rpm 7. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 7f23985cf46d3dd1549c3efb61008064 6.2/SRPMS/Zope-2.2.4-3.src.rpm d7f73eea703056eb44007e7044c1ee01 6.2/alpha/Zope-2.2.4-3.alpha.rpm 73c19b7937255380af1877ff9ccfa7ab 6.2/alpha/Zope-components-2.2.4-3.alpha.rpm 8fa91974cbf97bd63e9d93d9f428f4ef 6.2/alpha/Zope-core-2.2.4-3.alpha.rpm 4ba68e9f304084bc05ba8b81073afe4b 6.2/alpha/Zope-pcgi-2.2.4-3.alpha.rpm 46c6e6d2347cae0b1d72292af7bb8868 6.2/alpha/Zope-services-2.2.4-3.alpha.rpm 68b4230f02400568ad4ddecf27317bd4 6.2/alpha/Zope-zpublisher-2.2.4-3.alpha.rpm dd2fec391397a727106aa9ea3da45a7e 6.2/alpha/Zope-zserver-2.2.4-3.alpha.rpm 377f033d43839e30d687f92389b01af9 6.2/alpha/Zope-ztemplates-2.2.4-3.alpha.rpm 3bde2f09e75432dba375863c7740b9dc 6.2/i386/Zope-2.2.4-3.i386.rpm dfc304409d9c7397a316de5849fa0d48 6.2/i386/Zope-components-2.2.4-3.i386.rpm c3e561101a3c49a024b600aaac5263e0 6.2/i386/Zope-core-2.2.4-3.i386.rpm 7e9f96be58da0dbf2525f2e63e35f497 6.2/i386/Zope-pcgi-2.2.4-3.i386.rpm f969f0c7ff3d293217c9ce90bee1abed 6.2/i386/Zope-services-2.2.4-3.i386.rpm 1593e474602258fc1ef21ac79f6e639b 6.2/i386/Zope-zpublisher-2.2.4-3.i386.rpm abf5a7c5938bdc27d3887137871b724c 6.2/i386/Zope-zserver-2.2.4-3.i386.rpm 6e347722a0827f60dcf97b118d3f3e60 6.2/i386/Zope-ztemplates-2.2.4-3.i386.rpm a7f02426dc7390e816ac1738b1fe5c4c 6.2/sparc/Zope-2.2.4-3.sparc.rpm 799085909efa49091c938451e64a3eac 6.2/sparc/Zope-components-2.2.4-3.sparc.rpm 5692eb110c4a82a5cd605d9108112981 6.2/sparc/Zope-core-2.2.4-3.sparc.rpm 93a9fdb0a3425cb64bbdc59cb323c53e 6.2/sparc/Zope-pcgi-2.2.4-3.sparc.rpm 0f1207038f08bfc3640a3a9a57077a7c 6.2/sparc/Zope-services-2.2.4-3.sparc.rpm cd96eee2c2465858c9762e945edd4831 6.2/sparc/Zope-zpublisher-2.2.4-3.sparc.rpm 0d8c06bfce677efe6ebd792f4909e933 6.2/sparc/Zope-zserver-2.2.4-3.sparc.rpm 1b9942b112082d9d2ac4a45d49fc20e1 6.2/sparc/Zope-ztemplates-2.2.4-3.sparc.rpm aa6dc280ac9cd160a59cc94a422f33d7 7.0/SRPMS/Zope-2.2.4-4.src.rpm 6ba5ab5536c6febe1baa5115545501ba 7.0/alpha/Zope-2.2.4-4.alpha.rpm 303db0df979bb5108d6b0ec1dc9b7086 7.0/alpha/Zope-components-2.2.4-4.alpha.rpm 651553ed0a862019ed6ae1b7f61b95d6 7.0/alpha/Zope-core-2.2.4-4.alpha.rpm babed78c7c795052e26877862205e1a6 7.0/alpha/Zope-pcgi-2.2.4-4.alpha.rpm 18c9a4075c7bb4a5d04dfab1b7180046 7.0/alpha/Zope-services-2.2.4-4.alpha.rpm 485304852c9ca212b7b64724ba1568d3 7.0/alpha/Zope-zpublisher-2.2.4-4.alpha.rpm 4571271fd46f3e888f033604a30aa0dd 7.0/alpha/Zope-zserver-2.2.4-4.alpha.rpm fbd063e9b50a164ecad4672e9b1244e6 7.0/alpha/Zope-ztemplates-2.2.4-4.alpha.rpm f53ebebbb586cd0a7a273249d8d31d46 7.0/i386/Zope-2.2.4-4.i386.rpm 6d732f25729bdb4cdd7f6e31c7166622 7.0/i386/Zope-components-2.2.4-4.i386.rpm 7ab10f25d8db9e146161a89e1e8dfd93 7.0/i386/Zope-core-2.2.4-4.i386.rpm c144ac2c1b10b0c260ac0224018c99b8 7.0/i386/Zope-pcgi-2.2.4-4.i386.rpm d4b6a2064f721dec5ca83dc3336ccbde 7.0/i386/Zope-services-2.2.4-4.i386.rpm 8f6b0b0baa3c3da30f5eb43d14ed9ab5 7.0/i386/Zope-zpublisher-2.2.4-4.i386.rpm 5b3e3e6f31cc56a797464602fd7057f5 7.0/i386/Zope-zserver-2.2.4-4.i386.rpm e9ecf895e293c0e05cb502c3042fdb21 7.0/i386/Zope-ztemplates-2.2.4-4.i386.rpm These packages are GPG signed by Red Hat, Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg <filename> 8. References: http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert Copyright(c) 2000 Red Hat, Inc. _______________________________________________ Redhat-watch-list mailing list To unsubscribe, visit: https://listman.redhat.com/mailman/listinfo/redhat-watch-list _______________________________________________ Redhat-announce-list mailing list Redhat-announce-list@redhat.com https://listman.redhat.com/mailman/listinfo/redhat-announce-list (5856125) --------------------------------(Ombruten)