Red Hat Security Advisory: New Zope packages are available

Written By
Web Webster
Feb 26, 2001

Date: Mon, 26 Feb 2001 15:42 -0500
From: redhat-watch-list-admin@redhat.com
To: redhat-watch-list@redhat.com
Subject: [RHSA-2001:021-06] New Zope packages are available


                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          New Zope packages are available
Advisory ID:       RHSA-2001:021-06
Issue date:        2001-02-24
Updated on:        2001-02-26
Product:           Red Hat Powertools
Keywords:
Cross references:
Obsoletes:         RHSA-2000-135 RHSA-2000-125

1. Topic:

New Zope packages are available which fix numerous security
vulnerabilities.

2. Relevant releases/architectures:

Red Hat Powertools 6.2 – alpha, i386, sparc
Red Hat Powertools 7.0 – alpha, i386

3. Problem description:

From the Zope advisory:

“This hotfix addresses and [sic] important security issue that
affects Zope versions up to and including Zope 2.3.1 b1.

The issue is related to ZClasses in that a user with
through-the-web scripting capabilities on a Zope site can view and
assign class attributes to ZClasses, possibly allowing them to make
inappropriate changes to ZClass instances.

This patch also fixes problems in the ObjectManager,
PropertyManager, and PropertySheet classes related to mutability of
method return values which could be perceived as a security
problem.

We *highly* recommend that any Zope site running versions of
Zope up to and including 2.3.1 b1 have this hotfix product
installed to mitigate these issues if the site is accessible by
untrusted users who have through-the-web scripting privileges.”

The updated packages include this new hotfix.

4. Solution:

*NOTE* This advisory supersedes all other Zope and Zope-Hotfix
advisories from Red Hat, Inc.

To update all RPMs for your particular architecture, run:

rpm -Fvh <filenames>

where <filenames> is a list of the RPMs you wish to
upgrade. Only those RPMs which are currently installed will be
updated. Those RPMs which are not installed but included in the
list will not be updated. Note that you can also use wildcards
(*.rpm) if your current directory *only* contains the desired
RPMs.

Please note that this update is also available via Red Hat
Network. Many people find this an easier way to apply updates. To
use Red Hat Network, launch the Red Hat Update Agent with the
following command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla
for more info):

6. RPMs required:

Red Hat Powertools 6.2:

SRPMS:

ftp://updates.redhat.com/powertools/6.2/SRPMS/Zope-2.2.4-6.src.rpm

alpha:

ftp://updates.redhat.com/powertools/6.2/alpha/Zope-2.2.4-6.alpha.rpm


ftp://updates.redhat.com/powertools/6.2/alpha/Zope-components-2.2.4-6.alpha.rpm


ftp://updates.redhat.com/powertools/6.2/alpha/Zope-core-2.2.4-6.alpha.rpm


ftp://updates.redhat.com/powertools/6.2/alpha/Zope-pcgi-2.2.4-6.alpha.rpm


ftp://updates.redhat.com/powertools/6.2/alpha/Zope-services-2.2.4-6.alpha.rpm


ftp://updates.redhat.com/powertools/6.2/alpha/Zope-zpublisher-2.2.4-6.alpha.rpm


ftp://updates.redhat.com/powertools/6.2/alpha/Zope-zserver-2.2.4-6.alpha.rpm


ftp://updates.redhat.com/powertools/6.2/alpha/Zope-ztemplates-2.2.4-6.alpha.rpm

i386:

ftp://updates.redhat.com/powertools/6.2/i386/Zope-2.2.4-6.i386.rpm


ftp://updates.redhat.com/powertools/6.2/i386/Zope-components-2.2.4-6.i386.rpm


ftp://updates.redhat.com/powertools/6.2/i386/Zope-core-2.2.4-6.i386.rpm


ftp://updates.redhat.com/powertools/6.2/i386/Zope-pcgi-2.2.4-6.i386.rpm


ftp://updates.redhat.com/powertools/6.2/i386/Zope-services-2.2.4-6.i386.rpm


ftp://updates.redhat.com/powertools/6.2/i386/Zope-zpublisher-2.2.4-6.i386.rpm


ftp://updates.redhat.com/powertools/6.2/i386/Zope-zserver-2.2.4-6.i386.rpm


ftp://updates.redhat.com/powertools/6.2/i386/Zope-ztemplates-2.2.4-6.i386.rpm

sparc:

ftp://updates.redhat.com/powertools/6.2/sparc/Zope-2.2.4-6.sparc.rpm


ftp://updates.redhat.com/powertools/6.2/sparc/Zope-components-2.2.4-6.sparc.rpm


ftp://updates.redhat.com/powertools/6.2/sparc/Zope-core-2.2.4-6.sparc.rpm


ftp://updates.redhat.com/powertools/6.2/sparc/Zope-pcgi-2.2.4-6.sparc.rpm


ftp://updates.redhat.com/powertools/6.2/sparc/Zope-services-2.2.4-6.sparc.rpm


ftp://updates.redhat.com/powertools/6.2/sparc/Zope-zpublisher-2.2.4-6.sparc.rpm


ftp://updates.redhat.com/powertools/6.2/sparc/Zope-zserver-2.2.4-6.sparc.rpm


ftp://updates.redhat.com/powertools/6.2/sparc/Zope-ztemplates-2.2.4-6.sparc.rpm

Red Hat Powertools 7.0:

SRPMS:

ftp://updates.redhat.com/powertools/7.0/SRPMS/Zope-2.2.4-7.src.rpm

alpha:

ftp://updates.redhat.com/powertools/7.0/alpha/Zope-2.2.4-7.alpha.rpm


ftp://updates.redhat.com/powertools/7.0/alpha/Zope-components-2.2.4-7.alpha.rpm


ftp://updates.redhat.com/powertools/7.0/alpha/Zope-core-2.2.4-7.alpha.rpm


ftp://updates.redhat.com/powertools/7.0/alpha/Zope-pcgi-2.2.4-7.alpha.rpm


ftp://updates.redhat.com/powertools/7.0/alpha/Zope-services-2.2.4-7.alpha.rpm


ftp://updates.redhat.com/powertools/7.0/alpha/Zope-zpublisher-2.2.4-7.alpha.rpm


ftp://updates.redhat.com/powertools/7.0/alpha/Zope-zserver-2.2.4-7.alpha.rpm


ftp://updates.redhat.com/powertools/7.0/alpha/Zope-ztemplates-2.2.4-7.alpha.rpm

i386:

ftp://updates.redhat.com/powertools/7.0/i386/Zope-2.2.4-7.i386.rpm


ftp://updates.redhat.com/powertools/7.0/i386/Zope-components-2.2.4-7.i386.rpm


ftp://updates.redhat.com/powertools/7.0/i386/Zope-core-2.2.4-7.i386.rpm


ftp://updates.redhat.com/powertools/7.0/i386/Zope-pcgi-2.2.4-7.i386.rpm


ftp://updates.redhat.com/powertools/7.0/i386/Zope-services-2.2.4-7.i386.rpm


ftp://updates.redhat.com/powertools/7.0/i386/Zope-zpublisher-2.2.4-7.i386.rpm


ftp://updates.redhat.com/powertools/7.0/i386/Zope-zserver-2.2.4-7.i386.rpm


ftp://updates.redhat.com/powertools/7.0/i386/Zope-ztemplates-2.2.4-7.i386.rpm

7. Verification:

These packages are GPG signed by Red Hat, Inc. for security. Our
key is available at:
http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
rpm --checksig <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the md5sum with the
following command:
rpm --checksig --nogpg <filename>
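
Where a listing of MD5 sums and package paths is published for an update, downloads can be checked against it before `rpm -Fvh` is run. The script below is an added example, not part of the Red Hat advisory; the function name `verify_manifest` and the file name `listing.txt` are hypothetical, and it assumes GNU `md5sum` is installed. A matching sum only shows the file is the one listed; `rpm --checksig` is still what checks the GPG signature.

```shell
#!/bin/sh
# Added example: compare downloaded packages with a listing of
# "<md5sum> <package path>" lines and print only the files that match.
# Usage (hypothetical names):
#   files=$(verify_manifest listing.txt .) && rpm -Fvh $files

verify_manifest() {
    manifest=$1   # text file holding the published listing
    dir=$2        # directory holding the downloaded packages
    rc=0
    # "|| [ -n ... ]" also handles a last line with no trailing newline.
    while read -r want path || [ -n "$want" ]; do
        # Skip headers, blank lines and anything that is not 32 hex digits.
        case $want in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ ${#want} -eq 32 ] || continue
        file=$dir/$(basename "$path")
        if [ ! -f "$file" ]; then
            # Other architectures are listed too; absence is not a failure.
            echo "MISSING  $path" >&2
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" = "$(echo "$want" | tr 'A-F' 'a-f')" ]; then
            echo "$file"
        else
            echo "MISMATCH $path" >&2
            rc=1
        fi
    done < "$manifest"
    # Non-zero if any present file differs from its listed sum.
    return $rc
}
```
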

8. References:


http://www.zope.org/Products/Zope/Hotfix_2001-02-23/security_alert

Copyright(c) 2000, 2001 Red Hat, Inc.
