Debian: DSA-006-1 Critical: Zope Privilege Escalation Threat
debian
December 19, 2000
Previous versions allowed users with privileges in one folder could gain privileges in another folder.
Topics Covered
Summary
Package : zope
Problem type : privilege escalation
Debian-specific: no
Last week a Zope (security advisory was released which indicated
Erik Enge found a problem in the way Zope calculates roles. In some
situations Zope checked the wrong folder hierarchy which could
cause it to grant local roles when it should not. In other words:
users with privileges in one folder could gain privileges in
another folder.
This has been fixed in version 2.1.6-5.3 by including the
2000-12-15 hotfix, and we recommend that you upgrade your zope
package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
At this moment packages for m68k are not available yet. When they
become available they will be announced on Debian -- Security Information
Source archives:
MD5 checksum: 96bcc1bdd10f0a21d93cf0d3bfb9beb7
MD5 checksum: 6...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!