Security Advisory New Zope packages are available.

Advisory: RHSA-2000:125-02
Type: Security Advisory
Severity: N/A
Issued on: 2000-12-13
Last updated on: 2000-12-13
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2000-1211

Details

Vulnerability in legacy names allows calling those contructors without the
correct permissions.

A vulnerablity exists in previously released versions of Zope where users
can create new DTML method instances through the Web without having the
correct permissions.


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Make sure that you have applied all updates for Apache if you are using the
Zope-pcgi package.

NOTE: This errata supercedes all other advisories from Red Hat concerning
Zope.

Updated packages

Red Hat Linux 6.2
alpha:
ftp://updates.redhat.com/6.2/alpha/Zope-2.2.4-3.alpha.rpm
Missing file		     d7f73eea703056eb44007e7044c1ee01
ftp://updates.redhat.com/6.2/alpha/Zope-components-2.2.4-3.alpha.rpm
Missing file		     73c19b7937255380af1877ff9ccfa7ab
ftp://updates.redhat.com/6.2/alpha/Zope-core-2.2.4-3.alpha.rpm
Missing file		     8fa91974cbf97bd63e9d93d9f428f4ef
ftp://updates.redhat.com/6.2/alpha/Zope-pcgi-2.2.4-3.alpha.rpm
Missing file		     4ba68e9f304084bc05ba8b81073afe4b
ftp://updates.redhat.com/6.2/alpha/Zope-services-2.2.4-3.alpha.rpm
Missing file		     46c6e6d2347cae0b1d72292af7bb8868
ftp://updates.redhat.com/6.2/alpha/Zope-zpublisher-2.2.4-3.alpha.rpm
Missing file		     68b4230f02400568ad4ddecf27317bd4
ftp://updates.redhat.com/6.2/alpha/Zope-zserver-2.2.4-3.alpha.rpm
Missing file		     dd2fec391397a727106aa9ea3da45a7e
ftp://updates.redhat.com/6.2/alpha/Zope-ztemplates-2.2.4-3.alpha.rpm
Missing file		     377f033d43839e30d687f92389b01af9
 
i386:
ftp://updates.redhat.com/6.2/i386/Zope-2.2.4-3.i386.rpm
Missing file		     3bde2f09e75432dba375863c7740b9dc
ftp://updates.redhat.com/6.2/i386/Zope-components-2.2.4-3.i386.rpm
Missing file		     dfc304409d9c7397a316de5849fa0d48
ftp://updates.redhat.com/6.2/i386/Zope-core-2.2.4-3.i386.rpm
Missing file		     c3e561101a3c49a024b600aaac5263e0
ftp://updates.redhat.com/6.2/i386/Zope-pcgi-2.2.4-3.i386.rpm
Missing file		     7e9f96be58da0dbf2525f2e63e35f497
ftp://updates.redhat.com/6.2/i386/Zope-services-2.2.4-3.i386.rpm
Missing file		     f969f0c7ff3d293217c9ce90bee1abed
ftp://updates.redhat.com/6.2/i386/Zope-zpublisher-2.2.4-3.i386.rpm
Missing file		     1593e474602258fc1ef21ac79f6e639b
ftp://updates.redhat.com/6.2/i386/Zope-zserver-2.2.4-3.i386.rpm
Missing file		     abf5a7c5938bdc27d3887137871b724c
ftp://updates.redhat.com/6.2/i386/Zope-ztemplates-2.2.4-3.i386.rpm
Missing file		     6e347722a0827f60dcf97b118d3f3e60
 
sparc:
ftp://updates.redhat.com/6.2/sparc/Zope-2.2.4-3.sparc.rpm
Missing file		     a7f02426dc7390e816ac1738b1fe5c4c
ftp://updates.redhat.com/6.2/sparc/Zope-components-2.2.4-3.sparc.rpm
Missing file		     799085909efa49091c938451e64a3eac
ftp://updates.redhat.com/6.2/sparc/Zope-core-2.2.4-3.sparc.rpm
Missing file		     5692eb110c4a82a5cd605d9108112981
ftp://updates.redhat.com/6.2/sparc/Zope-pcgi-2.2.4-3.sparc.rpm
Missing file		     93a9fdb0a3425cb64bbdc59cb323c53e
ftp://updates.redhat.com/6.2/sparc/Zope-services-2.2.4-3.sparc.rpm
Missing file		     0f1207038f08bfc3640a3a9a57077a7c
ftp://updates.redhat.com/6.2/sparc/Zope-zpublisher-2.2.4-3.sparc.rpm
Missing file		     cd96eee2c2465858c9762e945edd4831
ftp://updates.redhat.com/6.2/sparc/Zope-zserver-2.2.4-3.sparc.rpm
Missing file		     0d8c06bfce677efe6ebd792f4909e933
ftp://updates.redhat.com/6.2/sparc/Zope-ztemplates-2.2.4-3.sparc.rpm
Missing file		     1b9942b112082d9d2ac4a45d49fc20e1
 
Red Hat Linux 7.0
alpha:
ftp://updates.redhat.com/7.0/alpha/Zope-2.2.4-4.alpha.rpm
Missing file		     6ba5ab5536c6febe1baa5115545501ba
ftp://updates.redhat.com/7.0/alpha/Zope-components-2.2.4-4.alpha.rpm
Missing file		     303db0df979bb5108d6b0ec1dc9b7086
ftp://updates.redhat.com/7.0/alpha/Zope-core-2.2.4-4.alpha.rpm
Missing file		     651553ed0a862019ed6ae1b7f61b95d6
ftp://updates.redhat.com/7.0/alpha/Zope-pcgi-2.2.4-4.alpha.rpm
Missing file		     babed78c7c795052e26877862205e1a6
ftp://updates.redhat.com/7.0/alpha/Zope-services-2.2.4-4.alpha.rpm
Missing file		     18c9a4075c7bb4a5d04dfab1b7180046
ftp://updates.redhat.com/7.0/alpha/Zope-zpublisher-2.2.4-4.alpha.rpm
Missing file		     485304852c9ca212b7b64724ba1568d3
ftp://updates.redhat.com/7.0/alpha/Zope-zserver-2.2.4-4.alpha.rpm
Missing file		     4571271fd46f3e888f033604a30aa0dd
ftp://updates.redhat.com/7.0/alpha/Zope-ztemplates-2.2.4-4.alpha.rpm
Missing file		     fbd063e9b50a164ecad4672e9b1244e6
 
i386:
ftp://updates.redhat.com/7.0/i386/Zope-2.2.4-4.i386.rpm
Missing file		     f53ebebbb586cd0a7a273249d8d31d46
ftp://updates.redhat.com/7.0/i386/Zope-components-2.2.4-4.i386.rpm
Missing file		     6d732f25729bdb4cdd7f6e31c7166622
ftp://updates.redhat.com/7.0/i386/Zope-core-2.2.4-4.i386.rpm
Missing file		     7ab10f25d8db9e146161a89e1e8dfd93
ftp://updates.redhat.com/7.0/i386/Zope-pcgi-2.2.4-4.i386.rpm
Missing file		     c144ac2c1b10b0c260ac0224018c99b8
ftp://updates.redhat.com/7.0/i386/Zope-services-2.2.4-4.i386.rpm
Missing file		     d4b6a2064f721dec5ca83dc3336ccbde
ftp://updates.redhat.com/7.0/i386/Zope-zpublisher-2.2.4-4.i386.rpm
Missing file		     8f6b0b0baa3c3da30f5eb43d14ed9ab5
ftp://updates.redhat.com/7.0/i386/Zope-zserver-2.2.4-4.i386.rpm
Missing file		     5b3e3e6f31cc56a797464602fd7057f5
ftp://updates.redhat.com/7.0/i386/Zope-ztemplates-2.2.4-4.i386.rpm
Missing file		     e9ecf895e293c0e05cb502c3042fdb21
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1211
http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert

Keywords

N/A

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/