Back

    Debian: 'zope' vulnerability

    Date20 Dec 2000
    CategoryDebian Linux Distribution - Security Advisories
    2735
    Posted ByLinuxSecurity Advisories
    A busy week for the Zope team: on Monday another security alert wasreleased revealing a potential problem found by Peter Kelly. 
    
- ------------------------------------------------------------------------
Debian Security Advisory DSA-007-1                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
https://www.debian.org/security/                         Wichert Akkerman
December 20, 2000
- ------------------------------------------------------------------------


Package        : zope
Problem type   : insufficient protection
Debian-specific: no

A busy week for the Zope team: on Monday another security alert was
released revealing a potential problem found by Peter Kelly. This
problem involved incorrect protection of data updating for Image and
File objects: any user with DTML editing privileges could update the
File or Image object data directly.

This has been fixed in version 2.1.6-5.4 by including the 2000-12-19
hotfix, and we recommend that you upgrade your zope package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:
     https://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-5.4.diff.gz
      MD5 checksum: 85351d9b245c11f4ed7d95d26342f8f0
     https://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-5.4.dsc
      MD5 checksum: c1e9b237ec2efa4a94a83e260c4dd550
     https://security.debian.org/dists/stable/updates/main/source/zope_2.1.6.orig.tar.gz
      MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5

  Alpha architecture:
     https://security.debian.org/dists/stable/updates/main/binary-alpha/zope_2.1.6-5.4_alpha.deb
      MD5 checksum: 28f2b7e5a8d4a90587f38d1d62469d9b

  ARM architecture:
     https://security.debian.org/dists/stable/updates/main/binary-arm/zope_2.1.6-5.4_arm.deb
      MD5 checksum: 8fa39ea6aee3f0359a4dc128815da423

  Intel ia32 architecture:
     https://security.debian.org/dists/stable/updates/main/binary-i386/zope_2.1.6-5.4_i386.deb
      MD5 checksum: 0107b0c7104d3cb97db6f9afc18e2005

  Motorola 680x0 architecture:
     https://security.debian.org/dists/stable/updates/main/binary-m68k/zope_2.1.6-5.4_m68k.deb
      MD5 checksum: f5f30733f030880ccb22e323f96d4628

  PowerPC architecture:
     https://security.debian.org/dists/stable/updates/main/binary-powerpc/zope_2.1.6-5.4_powerpc.deb
      MD5 checksum: 116fb690e9681f4b8a8ce499b578f422

  Sun Sparc architecture:
     https://security.debian.org/dists/stable/updates/main/binary-sparc/zope_2.1.6-5.4_sparc.deb
      MD5 checksum: c96083f72ff1a554b1f6f94a90405f25

  These files will be moved into
   ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

For not yet released architectures please refer to the appropriate
directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

    Get the Latest News & Insights

    Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

    Related News

    Google sued by Arizona for tracking users’ locations in spite of settings
    Google sued by Arizona for tracking users’ locations in spite of settings
    National Security Agency Exposes Tool Used By Russian Hackers
    National Security Agency Exposes Tool Used By Russian Hackers
    Removing A False Sense Of (open source) Security
    Removing A False Sense Of (open source) Security
    New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD
    New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"93","type":"x","order":"1","pct":79.49,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.38,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.13,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    Debian LTS: DLA-2227-1: bind9 security update
    Date30 May 2020 @ 14:31
    Debian LTS: DLA-2226-1: gst-plugins-ugly0.10 security update
    Date30 May 2020 @ 09:54
    Debian LTS: DLA-2225-1: gst-plugins-good0.10 security update
    Date30 May 2020 @ 09:50
    Debian LTS: DLA-2224-1: dosfstools security update
    Date30 May 2020 @ 09:45

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Learn More