Debian: New zope2.7 packages fix information disclosure

    Date18 Jul 2006
    CategoryDebian
    3850
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1113-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    July 18th, 2006                         http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : zope2.7
    Vulnerability  : programming error
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CVE-2006-3458
    Debian Bug     : 377277
    
    It was discovered that the Zope web application server allows read access
    to arbitrary pages on the server, if a user has the privilege to edit
    "restructured text" pages.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.7.5-2sarge2.
    
    The unstable distribution (sid) does no longer contain Zope 2.7 packages.
    
    We recommend that you upgrade your zope2.7 package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2.dsc
          Size/MD5 checksum:      906 e23c6dc88c7af48940e86fa41f97d536
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2.diff.gz
          Size/MD5 checksum:    51266 a30c65b102a2ae75eb8e953826ec397b
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5.orig.tar.gz
          Size/MD5 checksum:  2885871 5b5c5823c62370d9f7325c6014a49d8b
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_alpha.deb
          Size/MD5 checksum:  2669594 3012b1b7c60fbaa2a4e28270d8524993
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_amd64.deb
          Size/MD5 checksum:  2661200 a2396ea45bdee6684526e50bbd91d407
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_arm.deb
          Size/MD5 checksum:  2615998 94eba92b3e764b1409d9f204752c145d
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_i386.deb
          Size/MD5 checksum:  2608476 0d2255ee8404c285df5d218ff1720ca1
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_ia64.deb
          Size/MD5 checksum:  2959536 3f930a43af8b566f3ea791d7dd37b5cd
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_hppa.deb
          Size/MD5 checksum:  2736776 55734b807c8b20f65e6e0df0e2e27820
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_m68k.deb
          Size/MD5 checksum:  2601508 29c0606574cb83e54d8df984e0a45b25
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_mips.deb
          Size/MD5 checksum:  2675708 d48d0ef186ac908b5ab29c930e12dcb7
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_mipsel.deb
          Size/MD5 checksum:  2678350 2f8078005091cea22255944c8f5d0953
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_powerpc.deb
          Size/MD5 checksum:  2724040 ea43d949c6e6d8970d58088dc112bc78
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_s390.deb
          Size/MD5 checksum:  2663274 140d55d68fdcbe8397f3d0ec13087f7e
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_sparc.deb
          Size/MD5 checksum:  2670674 cbdb9f302896fd372cd583be41a8ec2a
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.