-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org 
Debian -- Security Information                             Michael Stone
August 11, 2000
- ------------------------------------------------------------------------

Package: zope
Vulnerability type: remote unprivileged access
Debian-specific: no

On versions of Zope prior to 2.2beta1 it was possible for a user with the
ability to edit DTML can gain unauthorized access to extra roles during a
request. 

Debian 2.1 (slink) did not include zope, and is not vulnerable. The widely-used
Debian 2.2 (potato) pre-release does include zope and is vulnerable to this
issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.1.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian did not include zope and is not vulnerable.



Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Source archives:
      
      MD5 checksum: c75d6ccc953227214aa8cdcdc720c38a
      
      MD5 checksum: 8332bcfbadc37bbe32e2a64d3b41300f
      
      MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
  Alpha architecture:
      
      MD5 checksum: f3432b908238de8b2fef2d8f10dd82ae
  Arm architecture:
      
      MD5 checksum: 59bb35f4ac17bf1aa6c37d76a624f3c7
  Intel ia32 architecture:
      
      MD5 checksum: 4716213c3986dd0e871a33acc8576c66
  Motorola 680x0 architecture:
    Will be available shortly
  PowerPC architecture:
      
      MD5 checksum: 1345120dcca3a253b099b6d42ffc9f4b
  Sun Sparc architecture:
      
      MD5 checksum: ed818435e7b672521d364a3c044a4043


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBOZSaiw0hVr09l8FJAQG2nwP9HYCgsfMOrTBrRQeUzjbsXXuneUpOrzAZ
8kOLGczsIFWo7n3CDtCMjmgrXVfuF6zSq4XS9afJahLrdwfJWdXjhMXb7SHQ71ZU
J/2OHoZdGVR2HizEKY8M3wpWw+BnJMUaLomv2LkgqaO5K2zJ2zNgLKIlHCrYHjIP
cRtS6qszYqw=ZzS9
-----END PGP SIGNATURE-----

Debian: zope vulnerability

August 11, 2000
On versions of Zope prior to 2.2beta1 it was possible for a user with theability to edit DTML can gain unauthorized access to extra roles during arequest.

Summary

Package: zope
Vulnerability type: remote unprivileged access
Debian-specific: no

On versions of Zope prior to 2.2beta1 it was possible for a user with the
ability to edit DTML can gain unauthorized access to extra roles during a
request.

Debian 2.1 (slink) did not include zope, and is not vulnerable. The widely-used
Debian 2.2 (potato) pre-release does include zope and is vulnerable to this
issue. A fixed package for Debian 2.2 (potato) is available in zope 2.1.6-5.1.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.1 alias slink

This version of Debian did not include zope and is not vulnerable.



Debian GNU/Linux 2.2 alias potato

Source archives:

MD5 checksum: c75d6ccc953227214aa8cdcdc720c38a

MD5 checksum: 8332bcfbadc37bbe32e2a64d3b41300f

MD5 checksum: 6ec4320afd6925c24f9f1b5cd7c4d7c5
Alpha architecture:

MD5 checksum: f3432b908238de8b2fef2d8f10dd82ae
Arm architecture:

...

Read the Full Advisory

Severity

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved