` 

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          New Zope packages are available.
Advisory ID:       RHSA-2000:125-02
Issue date:        2000-12-12
Updated on:        2000-12-12
Product:           Red Hat Powertools
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

Vulnerability in legacy names allows calling those contructors without the
correct permissions.

2. Relevant releases/architectures:

Red Hat Powertools 6.1 - i386, alpha, sparc
Red Hat Powertools 6.2 - i386, alpha, sparc
Red Hat Powertools 7.0 - i386, alpha

3. Problem description:

A vulnerablity exists in previously released versions of Zope where userscan create new DTML method instances through the Web without having the
correct permissions.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Make sure that you have applied all updates for Apache if you are using the
Zope-pcgi package.

NOTE: This errata supercedes all other advisories from Red Hat concerning
Zope.

5. Bug IDs fixed  ( for more info):

N/A

6. RPMs required:

Red Hat Powertools 6.2:

alpha: 
 
 
 
 
 
 
 

sparc: 
 
 
 
 
 
 
 

i386: 
 
 
 
 
 
 
 

sources: 

Red Hat Powertools 7.0:

alpha: 
 
 
 
 
 
 
 

i386: 
 
 
 
 
 
 
 

sources: 

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
7f23985cf46d3dd1549c3efb61008064  6.2/SRPMS/Zope-2.2.4-3.src.rpm
d7f73eea703056eb44007e7044c1ee01  6.2/alpha/Zope-2.2.4-3.alpha.rpm
73c19b7937255380af1877ff9ccfa7ab  6.2/alpha/Zope-components-2.2.4-3.alpha.rpm
8fa91974cbf97bd63e9d93d9f428f4ef  6.2/alpha/Zope-core-2.2.4-3.alpha.rpm
4ba68e9f304084bc05ba8b81073afe4b  6.2/alpha/Zope-pcgi-2.2.4-3.alpha.rpm
46c6e6d2347cae0b1d72292af7bb8868  6.2/alpha/Zope-services-2.2.4-3.alpha.rpm
68b4230f02400568ad4ddecf27317bd4  6.2/alpha/Zope-zpublisher-2.2.4-3.alpha.rpm
dd2fec391397a727106aa9ea3da45a7e  6.2/alpha/Zope-zserver-2.2.4-3.alpha.rpm
377f033d43839e30d687f92389b01af9  6.2/alpha/Zope-ztemplates-2.2.4-3.alpha.rpm
3bde2f09e75432dba375863c7740b9dc  6.2/i386/Zope-2.2.4-3.i386.rpm
dfc304409d9c7397a316de5849fa0d48  6.2/i386/Zope-components-2.2.4-3.i386.rpm
c3e561101a3c49a024b600aaac5263e0  6.2/i386/Zope-core-2.2.4-3.i386.rpm
7e9f96be58da0dbf2525f2e63e35f497  6.2/i386/Zope-pcgi-2.2.4-3.i386.rpm
f969f0c7ff3d293217c9ce90bee1abed  6.2/i386/Zope-services-2.2.4-3.i386.rpm
1593e474602258fc1ef21ac79f6e639b  6.2/i386/Zope-zpublisher-2.2.4-3.i386.rpm
abf5a7c5938bdc27d3887137871b724c  6.2/i386/Zope-zserver-2.2.4-3.i386.rpm
6e347722a0827f60dcf97b118d3f3e60  6.2/i386/Zope-ztemplates-2.2.4-3.i386.rpm
a7f02426dc7390e816ac1738b1fe5c4c  6.2/sparc/Zope-2.2.4-3.sparc.rpm
799085909efa49091c938451e64a3eac  6.2/sparc/Zope-components-2.2.4-3.sparc.rpm
5692eb110c4a82a5cd605d9108112981  6.2/sparc/Zope-core-2.2.4-3.sparc.rpm
93a9fdb0a3425cb64bbdc59cb323c53e  6.2/sparc/Zope-pcgi-2.2.4-3.sparc.rpm
0f1207038f08bfc3640a3a9a57077a7c  6.2/sparc/Zope-services-2.2.4-3.sparc.rpm
cd96eee2c2465858c9762e945edd4831  6.2/sparc/Zope-zpublisher-2.2.4-3.sparc.rpm
0d8c06bfce677efe6ebd792f4909e933  6.2/sparc/Zope-zserver-2.2.4-3.sparc.rpm
1b9942b112082d9d2ac4a45d49fc20e1  6.2/sparc/Zope-ztemplates-2.2.4-3.sparc.rpm
aa6dc280ac9cd160a59cc94a422f33d7  7.0/SRPMS/Zope-2.2.4-4.src.rpm
6ba5ab5536c6febe1baa5115545501ba  7.0/alpha/Zope-2.2.4-4.alpha.rpm
303db0df979bb5108d6b0ec1dc9b7086  7.0/alpha/Zope-components-2.2.4-4.alpha.rpm
651553ed0a862019ed6ae1b7f61b95d6  7.0/alpha/Zope-core-2.2.4-4.alpha.rpm
babed78c7c795052e26877862205e1a6  7.0/alpha/Zope-pcgi-2.2.4-4.alpha.rpm
18c9a4075c7bb4a5d04dfab1b7180046  7.0/alpha/Zope-services-2.2.4-4.alpha.rpm
485304852c9ca212b7b64724ba1568d3  7.0/alpha/Zope-zpublisher-2.2.4-4.alpha.rpm
4571271fd46f3e888f033604a30aa0dd  7.0/alpha/Zope-zserver-2.2.4-4.alpha.rpm
fbd063e9b50a164ecad4672e9b1244e6  7.0/alpha/Zope-ztemplates-2.2.4-4.alpha.rpm
f53ebebbb586cd0a7a273249d8d31d46  7.0/i386/Zope-2.2.4-4.i386.rpm
6d732f25729bdb4cdd7f6e31c7166622  7.0/i386/Zope-components-2.2.4-4.i386.rpm
7ab10f25d8db9e146161a89e1e8dfd93  7.0/i386/Zope-core-2.2.4-4.i386.rpm
c144ac2c1b10b0c260ac0224018c99b8  7.0/i386/Zope-pcgi-2.2.4-4.i386.rpm
d4b6a2064f721dec5ca83dc3336ccbde  7.0/i386/Zope-services-2.2.4-4.i386.rpm
8f6b0b0baa3c3da30f5eb43d14ed9ab5  7.0/i386/Zope-zpublisher-2.2.4-4.i386.rpm
5b3e3e6f31cc56a797464602fd7057f5  7.0/i386/Zope-zserver-2.2.4-4.i386.rpm
e9ecf895e293c0e05cb502c3042fdb21  7.0/i386/Zope-ztemplates-2.2.4-4.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     
You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

8. References:
 


Copyright(c) 2000 Red Hat, Inc.
`

Red Hat: 'Zope' vulnerability

Vulnerability in legacy names allows calling those contructors without thecorrect permissions.

Summary



Summary

A vulnerablity exists in previously released versions of Zope where userscan create new DTML method instances through the Web without having thecorrect permissions.


Solution

For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
Make sure that you have applied all updates for Apache if you are using the Zope-pcgi package.
NOTE: This errata supercedes all other advisories from Red Hat concerning Zope.
5. Bug IDs fixed ( for more info):
N/A
6. RPMs required:
Red Hat Powertools 6.2:
alpha:







sparc:







i386:







sources:
Red Hat Powertools 7.0:
alpha:







i386:







sources:
7. Verification:
MD5 sum Package Name 7f23985cf46d3dd1549c3efb61008064 6.2/SRPMS/Zope-2.2.4-3.src.rpm d7f73eea703056eb44007e7044c1ee01 6.2/alpha/Zope-2.2.4-3.alpha.rpm 73c19b7937255380af1877ff9ccfa7ab 6.2/alpha/Zope-components-2.2.4-3.alpha.rpm 8fa91974cbf97bd63e9d93d9f428f4ef 6.2/alpha/Zope-core-2.2.4-3.alpha.rpm 4ba68e9f304084bc05ba8b81073afe4b 6.2/alpha/Zope-pcgi-2.2.4-3.alpha.rpm 46c6e6d2347cae0b1d72292af7bb8868 6.2/alpha/Zope-services-2.2.4-3.alpha.rpm 68b4230f02400568ad4ddecf27317bd4 6.2/alpha/Zope-zpublisher-2.2.4-3.alpha.rpm dd2fec391397a727106aa9ea3da45a7e 6.2/alpha/Zope-zserver-2.2.4-3.alpha.rpm 377f033d43839e30d687f92389b01af9 6.2/alpha/Zope-ztemplates-2.2.4-3.alpha.rpm 3bde2f09e75432dba375863c7740b9dc 6.2/i386/Zope-2.2.4-3.i386.rpm dfc304409d9c7397a316de5849fa0d48 6.2/i386/Zope-components-2.2.4-3.i386.rpm c3e561101a3c49a024b600aaac5263e0 6.2/i386/Zope-core-2.2.4-3.i386.rpm 7e9f96be58da0dbf2525f2e63e35f497 6.2/i386/Zope-pcgi-2.2.4-3.i386.rpm f969f0c7ff3d293217c9ce90bee1abed 6.2/i386/Zope-services-2.2.4-3.i386.rpm 1593e474602258fc1ef21ac79f6e639b 6.2/i386/Zope-zpublisher-2.2.4-3.i386.rpm abf5a7c5938bdc27d3887137871b724c 6.2/i386/Zope-zserver-2.2.4-3.i386.rpm 6e347722a0827f60dcf97b118d3f3e60 6.2/i386/Zope-ztemplates-2.2.4-3.i386.rpm a7f02426dc7390e816ac1738b1fe5c4c 6.2/sparc/Zope-2.2.4-3.sparc.rpm 799085909efa49091c938451e64a3eac 6.2/sparc/Zope-components-2.2.4-3.sparc.rpm 5692eb110c4a82a5cd605d9108112981 6.2/sparc/Zope-core-2.2.4-3.sparc.rpm 93a9fdb0a3425cb64bbdc59cb323c53e 6.2/sparc/Zope-pcgi-2.2.4-3.sparc.rpm 0f1207038f08bfc3640a3a9a57077a7c 6.2/sparc/Zope-services-2.2.4-3.sparc.rpm cd96eee2c2465858c9762e945edd4831 6.2/sparc/Zope-zpublisher-2.2.4-3.sparc.rpm 0d8c06bfce677efe6ebd792f4909e933 6.2/sparc/Zope-zserver-2.2.4-3.sparc.rpm 1b9942b112082d9d2ac4a45d49fc20e1 6.2/sparc/Zope-ztemplates-2.2.4-3.sparc.rpm aa6dc280ac9cd160a59cc94a422f33d7 7.0/SRPMS/Zope-2.2.4-4.src.rpm 6ba5ab5536c6febe1baa5115545501ba 7.0/alpha/Zope-2.2.4-4.alpha.rpm 303db0df979bb5108d6b0ec1dc9b7086 7.0/alpha/Zope-components-2.2.4-4.alpha.rpm 651553ed0a862019ed6ae1b7f61b95d6 7.0/alpha/Zope-core-2.2.4-4.alpha.rpm babed78c7c795052e26877862205e1a6 7.0/alpha/Zope-pcgi-2.2.4-4.alpha.rpm 18c9a4075c7bb4a5d04dfab1b7180046 7.0/alpha/Zope-services-2.2.4-4.alpha.rpm 485304852c9ca212b7b64724ba1568d3 7.0/alpha/Zope-zpublisher-2.2.4-4.alpha.rpm 4571271fd46f3e888f033604a30aa0dd 7.0/alpha/Zope-zserver-2.2.4-4.alpha.rpm fbd063e9b50a164ecad4672e9b1244e6 7.0/alpha/Zope-ztemplates-2.2.4-4.alpha.rpm f53ebebbb586cd0a7a273249d8d31d46 7.0/i386/Zope-2.2.4-4.i386.rpm 6d732f25729bdb4cdd7f6e31c7166622 7.0/i386/Zope-components-2.2.4-4.i386.rpm 7ab10f25d8db9e146161a89e1e8dfd93 7.0/i386/Zope-core-2.2.4-4.i386.rpm c144ac2c1b10b0c260ac0224018c99b8 7.0/i386/Zope-pcgi-2.2.4-4.i386.rpm d4b6a2064f721dec5ca83dc3336ccbde 7.0/i386/Zope-services-2.2.4-4.i386.rpm 8f6b0b0baa3c3da30f5eb43d14ed9ab5 7.0/i386/Zope-zpublisher-2.2.4-4.i386.rpm 5b3e3e6f31cc56a797464602fd7057f5 7.0/i386/Zope-zserver-2.2.4-4.i386.rpm e9ecf895e293c0e05cb502c3042fdb21 7.0/i386/Zope-ztemplates-2.2.4-4.i386.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

Copyright(c) 2000 Red Hat, Inc. `

Package List


Severity
Advisory ID: RHSA-2000:125-02
Issued Date: : 2000-12-12
Updated on: 2000-12-12
Product: Red Hat Powertools
Keywords: N/A
Cross references: N/A

Topic


Topic

Vulnerability in legacy names allows calling those contructors without the

correct permissions.


 

Relevant Releases Architectures

Red Hat Powertools 6.1 - i386, alpha, sparc

Red Hat Powertools 6.2 - i386, alpha, sparc

Red Hat Powertools 7.0 - i386, alpha


Bugs Fixed


Related News

28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for
4.Lock AbstractDigital Esm H320
2 - 3 min read
Canonical , the company behind Ubuntu , has introduced Netplan 1.0 , a network configuration tool that simplifies networking configuration on Linux

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved