RedHat: Zope Vulnerability
Summary
This HotFix corrects issues in the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the request processing.
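The aliasing problem described above, as an added Python sketch that is not Zope's or Red Hat's code: a getRoles that returns the object's own list lets later code in the same request change the outcome of a role check, while returning an immutable copy does not. All names other than getRoles are hypothetical, and the role check is a simplified stand-in.

```python
# Added illustration; every name except getRoles is hypothetical.

class LeakyUser:
    """Pre-fix pattern: getRoles hands out the object's own list."""
    def __init__(self, name, roles):
        self.name = name
        self.roles = list(roles)

    def getRoles(self):
        return self.roles  # caller receives a reference to internal state


class HardenedUser(LeakyUser):
    """Hardened pattern: callers get an immutable snapshot."""
    def getRoles(self):
        return tuple(self.roles)


def allowed(user, required_role):
    """Simplified stand-in for the role check done while serving a request."""
    return required_role in user.getRoles()


def template_code(user):
    """Stand-in for user-editable template code running during a request."""
    roles = user.getRoles()
    try:
        roles.append("Manager")  # mutates whatever object getRoles returned
    except AttributeError:
        pass  # a tuple has no append, so the mutation is rejected


def run_request(user_cls):
    """Return (allowed before, allowed after) the template code has run."""
    user = user_cls("editor", ["Authenticated"])  # constructed sample user
    before = allowed(user, "Manager")
    template_code(user)
    after = allowed(user, "Manager")
    return before, after


if __name__ == "__main__":
    print("leaky:   ", run_request(LeakyUser))
    print("hardened:", run_request(HardenedUser))
```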
Solution
Users of Red Hat Powertools 6.1 who have not upgraded Zope to the version
of Zope released in Red Hat Powertools 6.2 (2.1.2-5) need to do so prior to
installing this Zope update. The Zope packages from 6.2 are located at:
Hat/powertools/6.2/
After you have upgraded to Zope-2.1.2-5, install the Zope-Hotfix package. To
install the update, use this command:
rpm -Uvh Zope-Hotfix-DTML-08_09_2000-1.noarch.rpm
Once the Zope-Hotfix package is installed, restart Zope.
5. Bug IDs fixed ( for more info):
N/A
6. RPMs required:
Red Hat Powertools 6.2:
noarch:
sources:
7. Verification:
MD5 sum Package Name
d008c975cec06c552172659ffb14a3a1 6.2/SRPMS/Zope-Hotfix-DTML-08_09_2000-1.src.rpm
61e9f5fed71cbb784f2e1352cb98fb1a 6.2/noarch/Zope-Hotfix-DTML-08_09_2000-1.noarch.rpm
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
You can verify each package with the following command:
rpm --checksig
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg
References
Copyright (c) 2000 Red Hat, Inc.
Package List
Topic
Vulnerabilities exist with all Zope-2.0 releases.
Relevant Releases Architectures
Red Hat Powertools 6.1 - noarch
Red Hat Powertools 6.2 - noarch
Bugs Fixed