|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Conectiva Linux Security Announcement - Zope
From: secure
CONECTIVA.COM.BRDate: Mon Aug 21 2000 - 13:02:22 CDT
- Next message: Alexey Yarovinsky: "Re: BrownOrifice can break firewalls! NOW MSIE"
- Previous message: Chris Sharp: "Gopher2.3.1p0 and below remote buffer overflow."
- Maybe reply: secureCONECTIVA.COM.BR: "Conectiva Linux Security Announcement - Zope"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------
PACKAGE : Zope
SUMMARY : Permission problems - update
DATE : 2000-08-21 15:01:00
RELEVANT
RELEASES : 4.2, 5.0, 5.1
----------------------------------------------------------------------
DESCRIPTION
A new hotfix has been made available to address the vulnerability
where users with the ability to edit DTML could arrange to give
themselves extra roles for the duration of a single request by
mutating the roles list as a part of the request processing.
SOLUTION
All Zope users should upgrade.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/Zope-2.1.7-6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-components-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-core-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-pcgi-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-services-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-zpublisher-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-ztemplates-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/Zope-2.1.7-6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-components-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-core-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-pcgi-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-services-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-zpublisher-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-ztemplates-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/Zope-2.1.7-6cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-components-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-core-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-pcgi-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-services-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-zpublisher-2.1.7-6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-ztemplates-2.1.7-6cl.i386.rpm
----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribebazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribebazar.conectiva.com.br
- Next message: Alexey Yarovinsky: "Re: BrownOrifice can break firewalls! NOW MSIE"
- Previous message: Chris Sharp: "Gopher2.3.1p0 and below remote buffer overflow."
- Maybe reply: secureCONECTIVA.COM.BR: "Conectiva Linux Security Announcement - Zope"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]