exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

debian.zope.abridged

debian.zope.abridged
Posted Aug 21, 2000
Site debian.org

Debian Security Advisory - On versions of Zope prior to 2.2.1 it was possible for a user with the ability to edit DTML can gain unauthorized access to extra roles during a request. Previous announcement and fix did not fully address the issues.

systems | linux, debian
SHA-256 | 2d9b0e6f767a17c5b8a9b5386622e6b946a343abb9eea2336759a4c1f4dcd2bc

debian.zope.abridged

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory security@debian.org
http://www.debian.org/security/ Michael Stone
August 21, 2000
- ------------------------------------------------------------------------

Package: zope
Vulnerability type: remote unprivileged access
Debian-specific: no

On versions of Zope prior to 2.2.1 it was possible for a user with the
ability to edit DTML to gain unauthorized access to extra roles during a
request. A fix was previously announced in the Debian zope package
2.1.6-5.1, but that package did not fully address the issue and has been
superseded by this announcement. More information is available at
http://www.zope.org/Products/Zope/Hotfix_2000-08-17/security_alert

Debian 2.1 (slink) did not include zope, and is not vulnerable. Debian
2.2 (potato) does include zope and is vulnerable to this issue. A fixed
package for Debian 2.2 (potato) is available in zope 2.1.6-5.2.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.1 alias slink
- --------------------------------

This version of Debian did not include zope and is not vulnerable.



Debian GNU/Linux 2.2 alias potato
- ---------------------------------

Source archives:
http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6-5.2.diff.gz
MD5 checksum: 2b2a0c23b842b5799520c57de2678292
http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6-5.2.dsc
MD5 checksum: 04b8ff47d816bdeb5291e372e5e10006
http://security.debian.org/dists/potato/updates/main/source/zope_2.1.6.orig.tar.gz
MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
Alpha architecture:
http://security.debian.org/dists/potato/updates/main/binary-alpha/zope_2.1.6-5.2_alpha.deb
MD5 checksum: 0f7062e8a0b7449887cba647de996fda
Arm architecture:
http://security.debian.org/dists/potato/updates/main/binary-arm/zope_2.1.6-5.2_arm.deb
MD5 checksum: 64ce5c2f0edb255ccc89b8006cc2f0d2
Intel ia32 architecture:
http://security.debian.org/dists/potato/updates/main/binary-i386/zope_2.1.6-5.2_i386.deb
MD5 checksum: b105defbc9f1d66bb2cb89ef05b94d40
Motorola 680x0 architecture:
Will be available shortly
PowerPC architecture:
Will be available shortly
Sun Sparc architecture:
http://security.debian.org/dists/potato/updates/main/binary-sparc/zope_2.1.6-5.2_sparc.deb
MD5 checksum: d1cefd0a6d40e3b1f00889b7b2d489a9

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBOaEhTA0hVr09l8FJAQHnewQAnD5faWwqBRiDhUiIwOFRpBw5a3kdFifo
yecN02T7daxX1hP8JJ9SFVwC+CvTax+rs+0pAhPDPljbiLy+ink0gGI8rGNffeZW
qI+wvZRw3gdGynwYmP2c7ssiR3HyF6rh69DVZFeqytWnL3fS9IQi5HxdLTWP2tQi
LcgLcGCht/Q=
=6Ym9
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close