
Title: Vulnerability in zope package (Debian)
Released by: Debian
Date: 11th August 2000
-----BEGIN PGP SIGNED MESSAGE-----



- ------------------------------------------------------------------------

Debian Security Advisory                             security@debian.org

http://www.debian.org/security/                            Michael Stone

August 11, 2000

- ------------------------------------------------------------------------



Package: zope

Vulnerability type: remote unprivileged access

Debian-specific: no



On versions of Zope prior to 2.2beta1 it was possible for a user with the

ability to edit DTML to gain unauthorized access to extra roles during a

request.



Debian 2.1 (slink) did not include zope, and is not vulnerable. The widely-used

Debian 2.2 (potato) pre-release does include zope and is vulnerable to this

issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.1.



wget url

        will fetch the file for you

dpkg -i file.deb

        will install the referenced file.





Debian GNU/Linux 2.1 alias slink

- --------------------------------



  This version of Debian did not include zope and is not vulnerable.







Debian GNU/Linux 2.2 alias potato

- ---------------------------------



  Source archives:

    http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6-5.1.diff.gz

      MD5 checksum: c75d6ccc953227214aa8cdcdc720c38a

    http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6-5.1.dsc

      MD5 checksum: 8332bcfbadc37bbe32e2a64d3b41300f

    http://security.debian.org/dists/frozen/updates/main/source/zope_2.1.6.orig.tar.gz

      MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5

  Alpha architecture:

    http://security.debian.org/dists/frozen/updates/main/binary-alpha/zope_2.1.6-5.1_alpha.deb

      MD5 checksum: f3432b908238de8b2fef2d8f10dd82ae

  Arm architecture:

    http://security.debian.org/dists/frozen/updates/main/binary-arm/zope_2.1.6-5.1_arm.deb

      MD5 checksum: 59bb35f4ac17bf1aa6c37d76a624f3c7

  Intel ia32 architecture:

    http://security.debian.org/dists/frozen/updates/main/binary-i386/zope_2.1.6-5.1_i386.deb

      MD5 checksum: 4716213c3986dd0e871a33acc8576c66

  Motorola 680x0 architecture:

    Will be available shortly

  PowerPC architecture:

    http://security.debian.org/dists/frozen/updates/main/binary-powerpc/zope_2.1.6-5.1_powerpc.deb

      MD5 checksum: 1345120dcca3a253b099b6d42ffc9f4b

  Sun Sparc architecture:

    http://security.debian.org/dists/frozen/updates/main/binary-sparc/zope_2.1.6-5.1_sparc.deb

      MD5 checksum: ed818435e7b672521d364a3c044a4043
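
The fetch-and-install steps above skip the check the listed checksums exist for. The following is an added example, not part of the Debian advisory: it reads the URL / "MD5 checksum:" pairs from a saved copy of an advisory in this layout and only reports success for a downloaded file whose MD5 matches. The function names, the sample package name and the example.invalid URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): verify a downloaded package against
# the advisory's "MD5 checksum:" lines before running dpkg -i.
# advisory_sums, verify_pkg and demo are hypothetical helper names.

# advisory_sums ADVISORY -> prints "md5  filename" for every URL/checksum pair
advisory_sums() {
    awk '
        /^[ \t]*(http|ftp):\/\// { n = split($1, p, "/"); name = p[n]; next }
        /MD5 checksum:/ && name != "" {
            sum = tolower($NF)
            if (sum ~ /^[0-9a-f]+$/ && length(sum) == 32) print sum "  " name
            name = ""
        }
    ' "$1"
}

# verify_pkg ADVISORY FILE -> 0 on match, 1 on mismatch, 2 if FILE is not listed
verify_pkg() {
    want=$(advisory_sums "$1" | awk -v f="$(basename "$2")" '$2 == f { print $1; exit }')
    [ -n "$want" ] || { echo "no checksum listed for $2" >&2; return 2; }
    have=$(md5sum "$2" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "MD5 mismatch for $2" >&2; return 1; }
}

# Constructed sample: an empty file (MD5 d41d8cd98f00b204e9800998ecf8427e) and
# an advisory fragment in the same layout; neither is a real package.
demo() {
    d=$(mktemp -d) || return 3
    : > "$d/demo_1.0_all.deb"
    cat > "$d/advisory.txt" <<'EOF'
  Constructed architecture:
    http://example.invalid/updates/demo_1.0_all.deb
      MD5 checksum: d41d8cd98f00b204e9800998ecf8427e
EOF
    verify_pkg "$d/advisory.txt" "$d/demo_1.0_all.deb" && echo "intact file: OK"
    echo tampered >> "$d/demo_1.0_all.deb"
    verify_pkg "$d/advisory.txt" "$d/demo_1.0_all.deb" || echo "modified file: rejected"
    rm -rf "$d"
}
demo
```

In use, run `verify_pkg advisory.txt file.deb && dpkg -i file.deb`. The checksums are only as trustworthy as the advisory text they are read from, so check its PGP signature first.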









