Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Ubuntu 9.04 USN-848-1 Critical: Zope Remote Code Execution Advisory

Ubuntu Security Notice USN-848-1
October 14, 2009
zope3 vulnerabilities
CVE-2009-0668, CVE-2009-0669

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: zope3 3.2.1-1ubuntu1.2
Ubuntu 8.04 LTS: zope3 3.3.1-5ubuntu2.2
Ubuntu 8.10: zope3 3.3.1-7ubuntu0.2
Ubuntu 9.04: zope3 3.4.0-0ubuntu3.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that the Zope Object Database (ZODB) database server (ZEO) improperly filtered certain commands when a database is shared among multiple applications or application instances. A remote attacker could send malicious commands to the server and execute arbitrary code. (CVE-2009-0668)

It was discovered that the Zope Object Database (ZODB) database server (ZEO) did not handle authentication properly when a database is shared among multiple applications or application instances. A remote attacker could use this flaw to bypass security restrictions. (CVE-2009-0669)

It was discovered that Zope did not limit the number of new object ids a client could request. A remote attacker could use this flaw to consume a huge amount of resources, leading to a denial of service. (No CVE identifier)

Ubuntu Security Notice USN-849-1 resolves critical vulnerabilities in Apache HTTP Server that could potentially lead to remote compromise and denial of service.

Zope Vulnerabilities, Remote Code Execution, Denial of Service, Ubuntu Security.

Severity: Critical.

LinuxSecurity.com Team

Oct 14, 2009 Critical Ubuntu

Debian 5.0: DSA-1863-1 Critical: Zope Remote Code Execution Threat

Debian Security Advisory DSA-1863-1
http://www.debian.org/security/
Nico Golde
August 15th, 2009
http://www.debian.org/security/faq

Package        : zope2.10/zope2.9
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2009-0668 CVE-2009-0669

Several remote vulnerabilities have been discovered in the zope, a feature-rich web application server written in python, that could lead to arbitrary code execution in the worst case. The Common Vulnerabilities and Exposures project identified the following problems:

Due to a programming error an authorization method in the StorageServer component of ZEO was not used as an internal method. This allows a malicious client to bypass authentication when connecting to a ZEO server by simply calling this authorization method (CVE-2009-0668).

The ZEO server doesn't restrict the callables when unpickling data received from a malicious client which can be used by an attacker to execute arbitrary python code on the server by sending certain exception pickles. This also allows an attacker to import any importable module as ZEO is importing the module containing a callable specified in a pickle to test for a certain flag (CVE-2009-0668).

The update also limits the number of new object ids a client can request to 100 as it would be possible to consume huge amounts of resources by requesting a big batch of new object ids. No CVE id has been assigned to this.

For the oldstable distribution (etch), this problem has been fixed in version 2.9.6-4etch2 of zope2.9.

For the stable distribution (lenny), this problem has been fixed in version 2.10.6-1+lenny1 of zope2.10.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2.10.9-1 of zope2.10.

We recommend that you upgrade your zope2.10/zope2.9 packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

Debian (oldstable)
------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Ubuntu Security Notice USN-3884-1 addresses critical vulnerabilities in OpenSSL, enabling potential unauthorized access. Ensure you update your system for enhanced protection.

Debian Security Advisory, Zope Remote Threats, Python Code Execution.

Severity: Critical.

LinuxSecurity.com Team

Aug 15, 2009 Critical Debian

Debian 3.1: DSA-1275-1 Moderate: Zope2.7 Cross-Site Scripting Risk

Debian Security Advisory DSA-1275-1
http://www.debian.org/security/
Noah Meyerhans
April 02, 2007

Package        : zope2.7
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-0240
BugTraq ID     : 23084
Debian Bug     : 416500

A cross-site scripting vulnerability in zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser. This code would run within the security context of the web browser, potentially allowing the attacker to access private data such as authentication cookies, or to affect the rendering or behavior of zope web pages.

For the stable distribution (sarge), this problem has been fixed in version 2.7.5-2sarge4.

The upcoming stable distribution (etch) and the unstable distribution (sid) include zope2.9, and this vulnerability is fixed in version 2.9.6-4etch1 for etch and 2.9.7-1 for sid.

We recommend that you upgrade your zope2.7 package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (stable)
-------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Addressing cross-site scripting vulnerabilities in the zope2.7 package for Debian-based systems. Ensure you update immediately for enhanced protection.

zope2.7, Debian Security Advisory, cross-site scripting flaw.

Severity: Important.

LinuxSecurity.com Team

Apr 02, 2007 Important Debian

Debian 3.1: DSA 1176-1 Critical: Zope 2.7 Remote Threat

Debian Security Advisory DSA 1176-1
http://www.debian.org/security/
Moritz Muehlenhoff
September 13th, 2006
http://www.debian.org/security/faq

Package        : zope2.7
Vulnerability  : programming error
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-4684

It was discovered that the Zope web application server does not disable the csv_table directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server.

For the stable distribution (sarge) this problem has been fixed in version 2.7.5-2sarge2.

The unstable distribution (sid) doesn't contain zope2.7 any longer, for zope2.8 this problem has been fixed in version 2.8.8-2.

We recommend that you upgrade your Zope package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Zope 2.7 version patch resolves external data breach risks in Debian stable. It is advised to upgrade.

Debian Security, Zope Package, Critical Update, Remote Threat, Information Disclosure.

Severity: Critical.

LinuxSecurity.com Team

Sep 13, 2006 Critical Debian

Debian 3.1 DSA 910-1 Moderate: Zope2.7 Remote Inclusion Threat

Debian Security Advisory DSA 910-1
http://www.debian.org/security/
Martin Schulze
November 24th, 2005
http://www.debian.org/security/faq

Package        : zope2.7
Vulnerability  : design error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-3323
Debian Bug     : 334055

A vulnerability has been discovered in zope 2.7, an Open Source web application server, that allows remote attackers to insert arbitrary files via include directives in reStructuredText functionality.

The old stable distribution (woody) does not contain zope2.7 packages.

For the stable distribution (sarge) this problem has been fixed in version 2.7.5-2sarge1.

For the unstable distribution (sid) this problem has been fixed in version 2.7.8-1.

We recommend that you upgrade your zope2.7 package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Enhance zope2.7 components to address potential remote file exposure vulnerabilities in Debian environments.

Debian Security Advisory, Zope2.7 Update, Remote Access Threat.

Severity: Important.

LinuxSecurity.com Team

Nov 24, 2005 Important Debian

Gentoo: GLSA-200510-20 Normal: Zope File Inclusion Issue

Gentoo Linux Security Advisory GLSA 200510-20
https://security.gentoo.org/

Severity: Normal
Title: Zope: File inclusion through RestructuredText
Date: October 25, 2005
Bugs: #109087
ID: 200510-20

Synopsis
========

Zope is vulnerable to a file inclusion vulnerability when exposing RestructuredText functionalities to untrusted users.

Background
==========

Zope is an application server that can be used to build content management systems, intranets, portals or other custom applications.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  net-zope/zope     < 2.7.8        >= 2.7.8
     net-zope/zope     == 2.8.0
     net-zope/zope     == 2.8.1

Description
===========

Zope honors file inclusion directives in RestructuredText objects by default.

Impact
======

An attacker could exploit the vulnerability by sending malicious input that would be interpreted in a RestructuredText Zope object, potentially resulting in the execution of arbitrary Zope code with the rights of the Zope server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Zope users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-zope/zope

References
==========

[ 1 ] Zope Hotfix 2005-10-09 Alert

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/200510-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to the Gentoo security team or alternatively, you may file a bug at https://bugs.gentoo.org/.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.0/

Zope encounters a vulnerability regarding file inclusion on Gentoo systems; it is advised to perform an upgrade to enhance security measures and reduce risks.

Gentoo Security Advisory, Zope File Inclusion, RestructuredText Issue.

LinuxSecurity.com Team

Oct 25, 2005 Gentoo

Debian: DSA 490-1 critical: Zope arbitrary method access issue

Debian Security Advisory DSA 490-1
Debian -- Security Information
Martin Schulze
April 17th, 2004
Debian -- Debian security FAQ

Package        : zope
Vulnerability  : arbitrary code execution
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2002-0688

A vulnerability has been discovered in the index support of the ZCatalog plug-in in Zope, an open source web application server. A flaw in the security settings of ZCatalog allows anonymous users to call arbitrary methods of catalog indexes. The vulnerability also allows untrusted code to do the same.

For the stable distribution (woody) this problem has been fixed in version 2.5.1-1woody1.

For the unstable distribution (sid) this problem has been fixed in version 2.6.0-0.1 and higher.

We recommend that you upgrade your zope package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Package info: `apt-cache show ' and https://www.debian.org/distrib/packages

Upgrade your Zope deployment on Debian to mitigate a security flaw that might permit unauthorized code execution via remote access.

Debian Security, Zope Advisory, Arbitrary Code Execution, System Updates, Remote Access Issue.

Severity: Critical.

LinuxSecurity.com Team

Apr 19, 2004 Critical Debian

Debian: DSA-056-1 Critical: Security Vulnerability in Apache Update

A new Zope hotfix has been released which fixes a problem in ZClasses.

------------------------------------------------------------------------
Debian Security Advisory DSA-055-1
Debian -- Security Information
Wichert Akkerman
May 7, 2001
------------------------------------------------------------------------

Package        : zope
Problem type   : remote unauthorized access
Debian-specific: no

A new Zope hotfix has been released which fixes a problem in ZClasses. The README for the 2001-05-01 hotfix describes the problem as `any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.'

This hotfix has been added in version 2.1.6-10, and we highly recommend that you upgrade your zope package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

These packages will be moved into the stable distribution on its next revision.

For not yet released architectures please refer to the appropriate directory .
----------------------------------------------------------------------------
apt-get: deb Debian -- Security Information stable/updates main
dpkg-ftp: dists/stable/updates/main

Crucial notice regarding the Debian Security Advisory DSA-055-1, which deals with severe vulnerabilities in Zope. Immediate application of the hotfix is recommended to safeguard the system. Severity: Critical. LinuxSecurity.com Team

May 07, 2001 Critical Debian