Subject: Conectiva Linux Security Announcement - Zope
From: secure CONECTIVA.COM.BR
Date: Tue Aug 15 2000 - 13:20:33 CDT
-----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------
PACKAGE : Zope
SUMMARY : Permission problems
DATE : 2000-08-15 15:20:00
AFFECTED CONECTIVA VERSIONS : 4.2, 5.0, 5.1
----------------------------------------------------------------------
DESCRIPTION
The issue involves the fact that the getRoles method of user objects
contained in the default UserFolder implementation returns a mutable
Python type. Because the mutable object is still associated with the
persistent User object, users with the ability to edit DTML could
arrange to give themselves extra roles for the duration of a single
request by mutating the roles list as a part of the request
processing.
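The flaw described above, reduced to a toy model. This is an added example, not code from Zope, the Hotfix, or this advisory. Only the getRoles name comes from the text; the class names, helper functions and role names are hypothetical, and returning a tuple is one possible hardening, assumed here rather than taken from the Hotfix.

```python
"""Toy model of a getter that hands out its object's live roles list."""


class VulnerableUser:
    def __init__(self, name, roles):
        self.name = name
        self._roles = list(roles)

    def getRoles(self):
        # Returns the stored list itself: callers share the internal state.
        return self._roles


class HardenedUser(VulnerableUser):
    def getRoles(self):
        # Returns an immutable snapshot; the stored list is never exposed.
        return tuple(self._roles)


def authorized(user, required_role):
    """Stand-in for the access check made later in the same request."""
    return required_role in user.getRoles()


def untrusted_template(user):
    """Stand-in for user-editable template code run during a request."""
    roles = user.getRoles()
    try:
        roles.append("Manager")  # constructed sample role name
    except AttributeError:       # tuples have no append()
        return False
    return True


def run_request(user):
    """Return (authorized before, mutation succeeded, authorized after)."""
    before = authorized(user, "Manager")
    mutated = untrusted_template(user)
    return before, mutated, authorized(user, "Manager")


def getter_leaks_state(user):
    """Regression check: does changing the getter's result change the user?"""
    snapshot = tuple(user.getRoles())
    result = user.getRoles()
    if not hasattr(result, "append"):
        return False
    result.append("__probe__")
    leaked = tuple(user.getRoles()) != snapshot
    if leaked:
        result.remove("__probe__")  # restore the original roles
    return leaked
```

The model does not cover object persistence, so it says nothing about how long the change lasts; it only shows why the later access check sees the altered roles.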
SOLUTION
Zope users should upgrade to the updated packages. These packages
already contain the Hotfix that was released by the Zope team to
address this issue.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/Zope-2.1.7-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-components-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-core-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-pcgi-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-services-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-zpublisher-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-ztemplates-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/Zope-2.1.7-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-components-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-core-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-pcgi-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-services-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-zpublisher-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-ztemplates-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/Zope-2.1.7-5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-components-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-core-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-pcgi-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-services-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-zpublisher-2.1.7-5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-ztemplates-2.1.7-5cl.i386.rpm
----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe bazar.conectiva.com.br