Security Advisory Zope Hotfix package available

Advisory: RHSA-2000:135-03
Type: Security Advisory
Severity: N/A
Issued on: 2000-12-20
Last updated on: 2000-12-20
Affected Products: Red Hat Linux 7.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2000-1212

Details

A new Zope Hotfix package is available.

The issue involves incorrect protection of a data updating method on Image
and File objects. Because the method was not correctly protected, it was
possible for users with DTML editing privileges to update the raw data of
aprivileges File or Image object via DTML, though they did not have editing
on the objects themselves.


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Please make sure that you have updated you Zope packages to version 2.2.4
prior to applying this Hotfix. After you have installed this Hotfix,
restart Zope.

Updated packages

Red Hat Linux 7.0
noarch:
ftp://updates.redhat.com/7.0/noarch/Zope-Hotfix-DTML-2000_12_18-1.noarch.rpm
Missing file		     bb611337425fe1097a5bf8d55f4c6ae7
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1212
http://www.zope.org/Products/Zope/Hotfix_2000-12-18/README.txt
http://lwn.net/daily/zope-dtml-fix.php3

Keywords

Zope

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/