5385076 2000-08-21  23:49  /84 lines/ Brevbäraren (which is implemented in) Python
Recipient: Bugtraq (import) <12334>
Subject: [SECURITY] new version of zope released (updated)
------------------------------------------------------------
From: debian-security-announce@LISTS.DEBIAN.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <DeaKoC.A.ThD.DGSo5@murphy>

-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org
http://www.debian.org/security/                            Michael Stone
August 21, 2000
- ------------------------------------------------------------------------

Package: zope
Vulnerability type: remote unprivileged access
Debian-specific: no

On versions of Zope prior to 2.2.1 it was possible for a user with
the ability to edit DTML to gain unauthorized access to extra roles
during a request. A fix was previously announced in the Debian zope
package 2.1.6-5.1, but that package did not fully address the issue
and has been superseded by this announcement. More information is
available at
http://www.zope.org/Products/Zope/Hotfix_2000-08-17/security_alert

Debian 2.1 (slink) did not include zope, and is not
vulnerable. Debian 2.2 (potato) does include zope and is vulnerable
to this issue. A fixed package for Debian 2.2 (potato) is available
in zope 2.1.6-5.2.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian did not include zope and is not vulnerable.



Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:
    http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6-5.2.diff.gz
      MD5 checksum: 2b2a0c23b842b5799520c57de2678292
    http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6-5.2.dsc
      MD5 checksum: 04b8ff47d816bdeb5291e372e5e10006
    http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6.orig.tar.gz
      MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
  Alpha architecture:
    http://security.debian.org/dists/potato/updates/main/binary-alpha/zope_2.1.6-5.2_alpha.deb
      MD5 checksum: 0f7062e8a0b7449887cba647de996fda
  Arm architecture:
    http://security.debian.org/dists/potato/updates/main/binary-arm/zope_2.1.6-5.2_arm.deb
      MD5 checksum: 64ce5c2f0edb255ccc89b8006cc2f0d2
  Intel ia32 architecture:
    http://security.debian.org/dists/potato/updates/main/binary-i386/zope_2.1.6-5.2_i386.deb
      MD5 checksum: b105defbc9f1d66bb2cb89ef05b94d40
  Motorola 680x0 architecture:
    Will be available shortly
  PowerPC architecture:
    Will be available shortly
  Sun Sparc architecture:
    http://security.debian.org/dists/potato/updates/main/binary-sparc/zope_2.1.6-5.2_sparc.deb
      MD5 checksum: d1cefd0a6d40e3b1f00889b7b2d489a9

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBOaEhTA0hVr09l8FJAQHnewQAnD5faWwqBRiDhUiIwOFRpBw5a3kdFifo
yecN02T7daxX1hP8JJ9SFVwC+CvTax+rs+0pAhPDPljbiLy+ink0gGI8rGNffeZW
qI+wvZRw3gdGynwYmP2c7ssiR3HyF6rh69DVZFeqytWnL3fS9IQi5HxdLTWP2tQi
LcgLcGCht/Q=
=6Ym9
-----END PGP SIGNATURE-----


(5385076) ------------------------------------------(Reflowed)
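
The advisory pairs each package URL with an "MD5 checksum:" line and then says to fetch with wget and install with dpkg -i. The following is an added example, not part of the Debian advisory, of checking downloaded files against those lines before installing. The function names, the demo file name and the mirror.example URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded files against the
# "MD5 checksum:" lines of a saved advisory before running dpkg -i.
# The checksums are only as trustworthy as the advisory's PGP signature.

# advisory_sums FILE: print "md5  filename" for each URL line that is
# immediately followed by an "MD5 checksum:" line.
advisory_sums() {
    awk '
        $1 ~ /^(https?|ftp):\/\// { n = split($1, p, "/"); name = p[n]; at = NR; next }
        $1 == "MD5" && $2 == "checksum:" && NR == at + 1 && name != "" {
            print tolower($3) "  " name
        }
    ' "$1"
}

# verify_downloads ADVISORY DIR: compare every listed file found in DIR.
# Succeeds only if at least one file was checked and none mismatched.
verify_downloads() {
    checked=0; bad=0
    sums=$(advisory_sums "$1")
    while read -r want name; do
        [ -n "$name" ] && [ -f "$2/$name" ] || continue
        got=$(md5sum "$2/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then echo "OK       $name"
        else echo "MISMATCH $name"; bad=$((bad + 1)); fi
    done <<EOF
$sums
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: a stand-in package file and a one-entry advisory excerpt.
demo() {
    d=$(mktemp -d)
    printf 'constructed package bytes\n' > "$d/example_1.0_all.deb"
    sum=$(md5sum "$d/example_1.0_all.deb" | cut -d' ' -f1)
    printf '    http://mirror.example/updates/example_1.0_all.deb\n' > "$d/advisory.txt"
    printf '      MD5 checksum: %s\n' "$sum" >> "$d/advisory.txt"
    verify_downloads "$d/advisory.txt" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run `verify_downloads advisory.txt .` in the download directory and proceed to `dpkg -i` only when it exits 0.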