Home > Security > Advisories

Advisories

Mandriva Advisories

Package name Zope
Date December 19th, 2000
Advisory ID MDKSA-2000:086
Affected versions 7.1, 7.2
Synopsis Updated Zope packages fix incorrect protection of data updating methods

Problem Description

A potential security issue exists in versions of Zope up to and
including 2.2.4. This issue involves incorrect protection of a data
updating method on Image and File objects. Because the method was not
correctly protected, it was possible for users with DTML editing
privileges to update the raw data of a File or Image object via DTML
though they did not have editing privileges on the objects themselves.
This update replaces the previous Zope update noted in MDKSA-2000:083.

Updated Packages

Mandrakelinux 7.1

 1a27224eda3908f1797f8373cb0a997e  7.1/RPMS/Zope-2.2.4-1.2mdk.i586.rpm
0c4b6927178dae9addb86ad3b58bcb04  7.1/RPMS/Zope-components-2.2.4-1.2mdk.i586.rpm
41f3a790bf3bebb4c49e8ced65a2eec2  7.1/RPMS/Zope-core-2.2.4-1.2mdk.i586.rpm
2697aac6c282d0ff1df6be67c452f0f1  7.1/RPMS/Zope-pcgi-2.2.4-1.2mdk.i586.rpm
6170e2801ae6ff70e0a8d7115abcf2ab  7.1/RPMS/Zope-services-2.2.4-1.2mdk.i586.rpm
f532b272a002b2cadea796644cb55c24  7.1/RPMS/Zope-zpublisher-2.2.4-1.2mdk.i586.rpm
c46eec7ed0490a72ae1b40fda4697891  7.1/RPMS/Zope-zserver-2.2.4-1.2mdk.i586.rpm
8b20f57bf02811245b6c398deb908fb3  7.1/RPMS/Zope-ztemplates-2.2.4-1.2mdk.i586.rpm
8fd0a77af27e4f10b5c7d72aca007a60  7.1/SRPMS/Zope-2.2.4-1.2mdk.src.rpm

Mandrakelinux 7.2

 977521271b02081ead2e692486153603  7.2/RPMS/Zope-2.2.4-1.2mdk.i586.rpm
9469e68a5bad3616f55968bb2a03bdf8  7.2/RPMS/Zope-components-2.2.4-1.2mdk.i586.rpm
2d613ea11d316604c92d87c38850624b  7.2/RPMS/Zope-core-2.2.4-1.2mdk.i586.rpm
029cb83d8dff5c8062c41dcd2643a6fa  7.2/RPMS/Zope-pcgi-2.2.4-1.2mdk.i586.rpm
06dc417709a6d0013213d54361a9fe31  7.2/RPMS/Zope-services-2.2.4-1.2mdk.i586.rpm
f32ab4d27616c1ee74c1510cbb2f9ff9  7.2/RPMS/Zope-zpublisher-2.2.4-1.2mdk.i586.rpm
f95628b3a712688df2810842bd9136ba  7.2/RPMS/Zope-zserver-2.2.4-1.2mdk.i586.rpm
9155e0f3e372b7b7133ad2445cca6522  7.2/RPMS/Zope-ztemplates-2.2.4-1.2mdk.i586.rpm
8fd0a77af27e4f10b5c7d72aca007a60  7.2/SRPMS/Zope-2.2.4-1.2mdk.src.rpm

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.