[15366] in bugtraq


Conectiva Linux Security Announcement - ZOPE

daemon@ATHENA.MIT.EDU (Sergio Bruder)
Fri Jun 16 13:03:27 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <20000616103807.A3768@conectiva.com.br>
Date:         Fri, 16 Jun 2000 10:38:07 -0300
Reply-To: Sergio Bruder <bruder@CONECTIVA.COM.BR>
From: Sergio Bruder <bruder@CONECTIVA.COM.BR>
X-To:         lwn@lwn.net, facosta@centroin.com.br, brain@matrix.com.br,
              bos@sekure.org
To: BUGTRAQ@SECURITYFOCUS.COM

----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------

PACKAGE: zope

SUMMARY                     : Security problems in DocumentTemplate
DATE                        : 2000-06-16
AFFECTED CONECTIVA VERSIONS : 4.2, 5.0


DESCRIPTION
The issue involves an inadequately protected method in one of the
base classes in the DocumentTemplate package that could allow the
contents of DTMLDocuments or DTMLMethods to be changed remotely or
through DTML code without forcing proper user authorization.


SOLUTION
All users must upgrade to the 2.1.7 Zope version.


DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-components-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-core-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-pcgi-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-services-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-zpublisher-2.1.7-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/i386/Zope-ztemplates-2.1.7-1cl.i386.rpm


DIRECT LINK TO THE SOURCE PACKAGE
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/blahblahblah.src.rpm


----------------------------------------------------------------------

All packages are signed with Conectiva's PGP key. The key can be obtained at
http://www.conectiva.com.br/conectiva/contato.html

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br
