6243434 2000-12-20 16:31 -0200  /110 lines/ <secure@CONECTIVA.COM.BR>
Sent by: joel@lysator.liu.se
Imported: 2001-03-20 00:22 by Brevbäraren (som är implementerad i) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: secure@CONECTIVA.COM.BR
Recipient: Bugtraq (import) <15986>
Subject: [CLA-2000:365] Conectiva Linux Security Announcement - Zope
------------------------------------------------------------
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <200012201831.QAA07886@frajuto.distro.conectiva>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------

PACKAGE           : Zope
SUMMARY           : Permission problems
DATE              : 2000-12-20 15:52:00
ID                : CLA-2000:365
RELEVANT RELEASES : 4.2, 5.0, 5.1, 6.0

- ----------------------------------------------------------------------

DESCRIPTION
 Two hotfixes have been released that address security problems with
 Zope-2.1.x:

 2000-21-15a: local roles computation. In some situations users with
 privileges in one folder could gain the same privileges on another
 folder.

 2000-12-18: image updating method. Users with DTML editing privileges
 could edit the raw data of a File or Image object via DTML, even
 though they did not have editing privileges on the objects themselves.

 Additionally, the so-called POST bug was also fixed, where POST
 requests would interfere with each other.

SOLUTION
 It is recommended that all Zope users upgrade to the updated packages.

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/Zope-2.1.7-10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-components-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-core-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-pcgi-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-services-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-zpublisher-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-ztemplates-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/Zope-2.1.7-10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-components-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-core-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-pcgi-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-services-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-zpublisher-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-ztemplates-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/Zope-2.1.7-10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-components-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-core-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-pcgi-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-services-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-zpublisher-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-ztemplates-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/Zope-2.1.7-10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-components-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-core-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-pcgi-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-services-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-zpublisher-2.1.7-10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/Zope-ztemplates-2.1.7-10cl.i386.rpm

ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform
 upgrades:

 - add the following line to /etc/apt/sources.list if it is not there
   yet (you may also use linuxconf to do this):

     rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

 - run:

     apt-get update

 - after that, execute:

     apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- ----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato

- -----------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://www.conectiva.com.br/suporte/atualizacoes

- ----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@papaleguas.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@papaleguas.conectiva.com.br

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6QPrt42jd0JmAcZARAkdlAKCLEhpGVo4rKBcmm4hPpUGFzBL9BACfXIcU
qGgSFTbWDkEcuTVzto4diYQ=
=aj1L
-----END PGP SIGNATURE-----
(6243434) / <secure@CONECTIVA.COM.BR>/----(Re-wrapped)