Debian: zope vulnerability

    Date 11 Aug 2000
    Posted By LinuxSecurity Advisories
    On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request.
    -----BEGIN PGP SIGNED MESSAGE-----
    
    - ------------------------------------------------------------------------
    Debian Security Advisory
    https://www.debian.org/security/                            Michael Stone
    August 11, 2000
    - ------------------------------------------------------------------------
    
    Package: zope
    Vulnerability type: remote unprivileged access
    Debian-specific: no
    
    On versions of Zope prior to 2.2beta1 it was possible for a user with the
    ability to edit DTML to gain unauthorized access to extra roles during a
    request.
    
    Debian 2.1 (slink) did not include zope, and is not vulnerable. The widely-used
    Debian 2.2 (potato) pre-release does include zope and is vulnerable to this
    issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.1.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.1 alias slink
    - --------------------------------
    
      This version of Debian did not include zope and is not vulnerable.
    
    
    
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
    
      Source archives:
         https://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6-5.1.diff.gz
          MD5 checksum: c75d6ccc953227214aa8cdcdc720c38a
         https://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6-5.1.dsc
          MD5 checksum: 8332bcfbadc37bbe32e2a64d3b41300f
         https://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6.orig.tar.gz
          MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
      Alpha architecture:
         https://security.debian.org/dists/frozen/updates/main/binary-alpha/zope_2.1.6-5.1_alpha.deb
          MD5 checksum: f3432b908238de8b2fef2d8f10dd82ae
      Arm architecture:
         https://security.debian.org/dists/frozen/updates/main/binary-arm/zope_2.1.6-5.1_arm.deb
          MD5 checksum: 59bb35f4ac17bf1aa6c37d76a624f3c7
      Intel ia32 architecture:
         https://security.debian.org/dists/frozen/updates/main/binary-i386/zope_2.1.6-5.1_i386.deb
          MD5 checksum: 4716213c3986dd0e871a33acc8576c66
      Motorola 680x0 architecture:
        Will be available shortly
      PowerPC architecture:
         https://security.debian.org/dists/frozen/updates/main/binary-powerpc/zope_2.1.6-5.1_powerpc.deb
          MD5 checksum: 1345120dcca3a253b099b6d42ffc9f4b
      Sun Sparc architecture:
         https://security.debian.org/dists/frozen/updates/main/binary-sparc/zope_2.1.6-5.1_sparc.deb
          MD5 checksum: ed818435e7b672521d364a3c044a4043
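
The wget and dpkg steps above do not include a check of the listed checksums. The following is an added example, not part of the advisory: it reads the URL and "MD5 checksum:" pairs from a saved copy of the advisory text and compares a downloaded file against its entry. The function names, the `--demo` switch, the sample file name and the `example.invalid` URL are assumptions made for illustration.

```bash
# Added example, not from the advisory: check a downloaded package against the
# "MD5 checksum:" line listed under its URL before running dpkg -i.

# expected_md5 ADVISORY NAME: print the checksum listed for NAME, or nothing.
expected_md5() {
    awk -v name="$2" '
        $1 ~ /^(https?|ftp):\/\// {   # URL line: does it name our package?
            n = split($1, part, "/")
            want = (part[n] == name)
            next
        }
        want && /MD5 checksum:/ {     # checksum line directly under that URL
            print tolower($NF)
            exit
        }
        { want = 0 }                  # any other line breaks the pairing
    ' "$1"
}

# verify_deb ADVISORY FILE: 0 = match, 1 = mismatch, 2 = not listed.
verify_deb() {
    local name want got
    name=$(basename "$2")
    want=$(expected_md5 "$1" "$name")
    if [ -z "$want" ]; then
        echo "$name: no checksum in advisory" >&2
        return 2
    fi
    got=$(md5sum "$2" | awk '{ print $1 }')
    if [ "$got" != "$want" ]; then
        echo "$name: MISMATCH (expected $want, got $got)" >&2
        return 1
    fi
    echo "$name: OK"
}

# Constructed demo: a stand-in file plus an excerpt in the advisory's layout.
demo() {
    local dir sum rc=0
    dir=$(mktemp -d) || return 1
    printf 'constructed sample\n' > "$dir/sample_1.0_all.deb"
    sum=$(md5sum "$dir/sample_1.0_all.deb" | awk '{ print $1 }')
    printf '     https://example.invalid/sample_1.0_all.deb\n      MD5 checksum: %s\n' \
        "$sum" > "$dir/advisory.txt"
    verify_deb "$dir/advisory.txt" "$dir/sample_1.0_all.deb" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Call `verify_deb` with the saved advisory and the downloaded file, and run `dpkg -i` only when it returns 0.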
    
    
    
