Bugtraq mailing list archives
Conectiva Linux Security Announcement - ZOPE
From: bruder () CONECTIVA COM BR (Sergio Bruder)
Date: Fri, 16 Jun 2000 10:38:07 -0300
---------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT ---------------------------------------------------------------------- PACKAGE: zope SUMMARY: Security problems in DocumentTemplate DATE: 2000-06-16 AFFECTED CONECTIVA VERSIONS : 4.2, 5.0 DESCRIPTION The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of +DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization. SOLUTION All users must upgrade to the 2.1.7 Zope version. DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-2.1.7-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-components-2.1.7-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-core-2.1.7-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-pcgi-2.1.7-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-services-2.1.7-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-zpublisher-2.1.7-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-ztemplates-2.1.7-1cl.i386.rpm DIRECT LINK TO THE SOURCE PACKAGE ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/blahblahblah.src.rpm ---------------------------------------------------------------------- All packages are signed with Conectiva's PGP key. The key can be obtained at http://www.conectiva.com.br/conectiva/contato.html ---------------------------------------------------------------------- subscribe: atualizacoes-anuncio-subscribe () bazar conectiva com br unsubscribe: atualizacoes-anuncio-unsubscribe () bazar conectiva com br
Current thread:
- XFree86: libICE DoS, (continued)
- XFree86: libICE DoS Chris Evans (Jun 19)
- XFree86: Various nasty libX11 holes Chris Evans (Jun 19)
- XFree86: xdm flaw; present in kdm Chris Evans (Jun 19)
- XFree86: xdm xdmcp code in wdm also Brian Russo (Jun 20)
- Re: XFree86: xdm xdmcp code in wdm also Jerome ALET (Jun 20)
- Problems with "kon2" package Chris Evans (Jun 19)
- [TL-Security-Announce] Linux Kernel TLSA2000013-1 Roger Luethi (Jun 19)
- Re: [TL-Security-Announce] Linux Kernel TLSA2000013-1 Gregory Neil Shapiro (Jun 28)
- CERT Advisory CA-2000-12 Roman Drahtmueller (Jun 19)
- Re: local root on linux 2.2.15 Joseph Gooch (Jun 15)
- Conectiva Linux Security Announcement - ZOPE Sergio Bruder (Jun 16)