5203225 2000-06-16 19:03 /59 lines/ Postmaster
Recipient: Bugtraq (import) <11323>
Subject: Conectiva Linux Security Announcement - ZOPE
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <20000616103807.A3768@conectiva.com.br>
Date: Fri, 16 Jun 2000 10:38:07 -0300
Reply-To: Sergio Bruder <bruder@CONECTIVA.COM.BR>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Sergio Bruder <bruder@CONECTIVA.COM.BR>
X-To: lwn@lwn.net, facosta@centroin.com.br, brain@matrix.com.br
      bos@sekure.org
To: BUGTRAQ@SECURITYFOCUS.COM

----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------

PACKAGE: zope
SUMMARY : Security problems in DocumentTemplate
DATE : 2000-06-16
AFFECTED CONECTIVA VERSIONS : 4.2, 5.0

DESCRIPTION
  The issue involves an inadequately protected method in one of the
  base classes in the DocumentTemplate package that could allow the
  contents of DTMLDocuments or DTMLMethods to be changed remotely or
  through DTML code without forcing proper user authorization.

SOLUTION
  All users must upgrade to the 2.1.7 Zope version.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-components-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-core-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-pcgi-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-services-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-zpublisher-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-ztemplates-2.1.7-1cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGE
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/blahblahblah.src.rpm

----------------------------------------------------------------------
All packages are signed with Conectiva's PGP key. The key can be
obtained at http://www.conectiva.com.br/conectiva/contato.html
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
(5203225) ------------------------------------------(Re-wrapped)