Linux Security
    Linux Security
    Linux Security

    Debian: zope vulnerability

    Date 11 Aug 2000
    Posted By LinuxSecurity Advisories
    On versions of Zope prior to 2.2beta1 it was possible for a user with theability to edit DTML can gain unauthorized access to extra roles during arequest.
    - ------------------------------------------------------------------------
    Debian Security Advisory                             This email address is being protected from spambots. You need JavaScript enabled to view it.                            Michael Stone
    August 11, 2000
    - ------------------------------------------------------------------------
    Package: zope
    Vulnerability type: remote unprivileged access
    Debian-specific: no
    On versions of Zope prior to 2.2beta1 it was possible for a user with the
    ability to edit DTML can gain unauthorized access to extra roles during a
    Debian 2.1 (slink) did not include zope, and is not vulnerable. The widely-used
    Debian 2.2 (potato) pre-release does include zope and is vulnerable to this
    issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.1.
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    Debian GNU/Linux 2.1 alias slink
    - --------------------------------
      This version of Debian did not include zope and is not vulnerable.
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
      Source archives:
          MD5 checksum: c75d6ccc953227214aa8cdcdc720c38a
          MD5 checksum: 8332bcfbadc37bbe32e2a64d3b41300f
          MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
      Alpha architecture:
          MD5 checksum: f3432b908238de8b2fef2d8f10dd82ae
      Arm architecture:
          MD5 checksum: 59bb35f4ac17bf1aa6c37d76a624f3c7
      Intel ia32 architecture:
          MD5 checksum: 4716213c3986dd0e871a33acc8576c66
      Motorola 680x0 architecture:
        Will be available shortly
      PowerPC architecture:
          MD5 checksum: 1345120dcca3a253b099b6d42ffc9f4b
      Sun Sparc architecture:
          MD5 checksum: ed818435e7b672521d364a3c044a4043
    Version: 2.6.3ia
    Charset: noconv
    -----END PGP SIGNATURE-----

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    [{"id":"158","title":"True","votes":"11","type":"x","order":"1","pct":10.68,"resources":[]},{"id":"159","title":"False","votes":"92","type":"x","order":"2","pct":89.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.