-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org 
Debian -- Security Information                             Michael Stone
August 11, 2000
- ------------------------------------------------------------------------

Package: zope
Vulnerability type: remote unprivileged access
Debian-specific: no

On versions of Zope prior to 2.2beta1 it was possible for a user with the
ability to edit DTML to gain unauthorized access to extra roles during a
request.

Debian 2.1 (slink) did not include zope, and is not vulnerable. The widely-used
Debian 2.2 (potato) pre-release does include zope and is vulnerable to this
issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.1.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian did not include zope and is not vulnerable.



Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:
      
      MD5 checksum: c75d6ccc953227214aa8cdcdc720c38a
      
      MD5 checksum: 8332bcfbadc37bbe32e2a64d3b41300f
      
      MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
  Alpha architecture:
      
      MD5 checksum: f3432b908238de8b2fef2d8f10dd82ae
  Arm architecture:
      
      MD5 checksum: 59bb35f4ac17bf1aa6c37d76a624f3c7
  Intel ia32 architecture:
      
      MD5 checksum: 4716213c3986dd0e871a33acc8576c66
  Motorola 680x0 architecture:
    Will be available shortly
  PowerPC architecture:
      
      MD5 checksum: 1345120dcca3a253b099b6d42ffc9f4b
  Sun Sparc architecture:
      
      MD5 checksum: ed818435e7b672521d364a3c044a4043


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBOZSaiw0hVr09l8FJAQG2nwP9HYCgsfMOrTBrRQeUzjbsXXuneUpOrzAZ
8kOLGczsIFWo7n3CDtCMjmgrXVfuF6zSq4XS9afJahLrdwfJWdXjhMXb7SHQ71ZU
J/2OHoZdGVR2HizEKY8M3wpWw+BnJMUaLomv2LkgqaO5K2zJ2zNgLKIlHCrYHjIP
cRtS6qszYqw=ZzS9
-----END PGP SIGNATURE-----
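
The advisory lists an MD5 checksum per architecture alongside the wget and dpkg -i steps. The shell functions below are an added example, not part of the Debian advisory: they read the checksums for one section out of the advisory text and compare them with the downloaded file before it is installed. The function names and the "Example architecture" sample section are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded .deb against the advisory's MD5 list
# before handing it to dpkg -i. Function names are hypothetical.

# Print every "MD5 checksum:" value listed under one section heading.
# $1 = advisory text file, $2 = heading without the trailing colon.
advisory_md5s() {
    awk -v want="$2:" '
        $1 == "MD5" && $2 == "checksum:" { if (section == want) print $3; next }
        NF && $NF ~ /:$/ {                 # heading line such as "Arm architecture:"
            section = $0
            sub(/^[ \t]+/, "", section); sub(/[ \t]+$/, "", section)
        }' "$1"
}

# Succeed only if the file's MD5 digest equals the expected hex string.
verify_md5() {
    actual=$(md5sum "$1" | awk '{ print $1 }')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Succeed if the file matches any checksum the advisory lists for the section.
# A section with no checksum (e.g. "Will be available shortly") always fails.
check_download() {
    for sum in $(advisory_md5s "$1" "$2"); do
        verify_md5 "$3" "$sum" && return 0
    done
    return 1
}

# Constructed sample: two sections copied from the advisory, plus a made-up
# "Example" section holding the MD5 of an empty file so the demo runs offline.
sample_advisory() {
    cat <<'EOF'
  Intel ia32 architecture:

      MD5 checksum: 4716213c3986dd0e871a33acc8576c66
  Motorola 680x0 architecture:
    Will be available shortly
  Example architecture:

      MD5 checksum: d41d8cd98f00b204e9800998ecf8427e
EOF
}

# Usage: install only after the digest matches, e.g.
#   check_download advisory.txt "Intel ia32 architecture" file.deb && dpkg -i file.deb
```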
