Bugtraq mailing list archives
Conectiva Linux Security Announcement - Zope
From: secure () CONECTIVA COM BR
Date: Tue, 15 Aug 2000 15:20:33 -0300
----------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT ----------------------------------------------------------------------- PACKAGE : Zope SUMMARY : Permission problems DATE : 2000-08-15 15:20:00 AFFECTED CONECTIVA VERSIONS : 4.2, 5.0, 5.1 ---------------------------------------------------------------------- DESCRIPTION The issue involves the fact that the getRoles method of user objects contained in the default UserFolder implementation returns a mutable Python type. Because the mutable object is still associated with the persistent User object, users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the request processing. SOLUTION Zope users should upgrade to the updated packages. These packages already contain the Hotfix that was released by the Zope team to address this issue. DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/Zope-2.1.7-5cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-components-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-core-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-pcgi-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-services-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-zpublisher-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/Zope-ztemplates-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/Zope-2.1.7-5cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-components-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-core-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-pcgi-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-services-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-zpublisher-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/Zope-ztemplates-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/Zope-2.1.7-5cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-components-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-core-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-pcgi-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-services-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-zpublisher-2.1.7-5cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/Zope-ztemplates-2.1.7-5cl.i386.rpm ---------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key can be obtained at http://www.conectiva.com.br/contato ---------------------------------------------------------------------- subscribe: atualizacoes-anuncio-subscribe () bazar conectiva com br unsubscribe: atualizacoes-anuncio-unsubscribe () bazar conectiva com br
Current thread:
- Conectiva Linux Security Announcement - Zope secure (Aug 16)
- <Possible follow-ups>
- Conectiva Linux Security Announcement - Zope secure (Aug 21)