dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Debian Security Advisory: new version of zope released

Aug 12, 2000, 00:55 (0 Talkback[s])
(Other stories by Michael Stone)

Date: Fri, 11 Aug 2000 20:30:47 -0400 (EDT)
From: Michael Stone mstone@justice.loyola.edu
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] new version of zope released

-----BEGIN PGP SIGNED MESSAGE-----

Debian Security Advisory                                security@debian.org
http://www.debian.org/security/                   Michael Stone 
August 11, 2000


Package: zope
Vulnerability type: remote unprivileged access
Debian-specific: no
On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML can gain unauthorized access to extra roles during a request.

Debian 2.1 (slink) did not include zope, and is not vulnerable. The widely-used Debian 2.2 (potato) pre-release does include zope and is vulnerable to this issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.1.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
Debian GNU/Linux 2.1 alias slink

This version of Debian did not include zope and is not vulnerable.

Debian GNU/Linux 2.2 alias potato


Source archives:
http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6-5.1.diff.gz
MD5 checksum: c75d6ccc953227214aa8cdcdc720c38a
http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6-5.1.dsc
MD5 checksum: 8332bcfbadc37bbe32e2a64d3b41300f
http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6.orig.tar.gz
MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5

Alpha architecture:
http://security.debian.org/dists/frozen/updates/main/binary-alpha/zope_2.1.6-5.1_alpha.deb
MD5 checksum: f3432b908238de8b2fef2d8f10dd82ae

Arm architecture:
http://security.debian.org/dists/frozen/updates/main/binary-arm/zope_2.1.6-5.1_arm.deb
MD5 checksum: 59bb35f4ac17bf1aa6c37d76a624f3c7

Intel ia32 architecture:
http://security.debian.org/dists/frozen/updates/main/binary-i386/zope_2.1.6-5.1_i386.deb
MD5 checksum: 4716213c3986dd0e871a33acc8576c66

Motorola 680x0 architecture:
Will be available shortly

PowerPC architecture:
http://security.debian.org/dists/frozen/updates/main/binary-powerpc/zope_2.1.6-5.1_powerpc.deb
MD5 checksum: 1345120dcca3a253b099b6d42ffc9f4b

Sun Sparc architecture:
http://security.debian.org/dists/frozen/updates/main/binary-sparc/zope_2.1.6-5.1_sparc.deb
MD5 checksum: ed818435e7b672521d364a3c044a4043

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBOZSaiw0hVr09l8FJAQG2nwP9HYCgsfMOrTBrRQeUzjbsXXuneUpOrzAZ
8kOLGczsIFWo7n3CDtCMjmgrXVfuF6zSq4XS9afJahLrdwfJWdXjhMXb7SHQ71ZU
J/2OHoZdGVR2HizEKY8M3wpWw+BnJMUaLomv2LkgqaO5K2zJ2zNgLKIlHCrYHjIP
cRtS6qszYqw=
=ZzS9
-----END PGP SIGNATURE-----