Security Advisory New Zope packages are available

Advisory: RHSA-2001:115-05
Type: Security Advisory
Severity: N/A
Issued on: 2001-10-02
Last updated on: 2001-10-09
Affected Products: Powertools 6.2
Powertools 7.0
Powertools 7.1
OVAL: N/A
CVEs (cve.mitre.org): CVE-2001-1227

Details

New Zope packages are available which fix a security flaw with DTML
scripting.

The updated packages include a "hotfix" product which addresses a security
problem with DTML scripting, as described in the Hotfix_2001-09-28
README.txt file: "The issue involves the fmt attribute of dtml-var tags.
Without this correction, Zope does not check security access to methods
invoked through fmt. This issue could allow partially trusted users with
enough knowledge of Zope to call, in a limited way, methods they would not
otherwise be allowed to access."


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

After you have updated the packages, you must restart zope:

/etc/rc.d/init.d/zope restart

Updated packages

Powertools 6.2
SRPMS:
ftp://updates.redhat.com/6.2/en/powertools/SRPMS/Zope-2.2.4-9.src.rpm
Missing file		     3c1235415148e6623f64e0a4e76e4d1d
 
Alpha:
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-2.2.4-9.alpha.rpm
Missing file		     1db6c7dd618f2219f550c4c3dd6378e7
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-components-2.2.4-9.alpha.rpm
Missing file		     d1714ff497622f75aaab08633f8b5f40
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-core-2.2.4-9.alpha.rpm
Missing file		     a5e071a56fbde35af7adf04bb3f82a6e
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-pcgi-2.2.4-9.alpha.rpm
Missing file		     2638543302411fa5e2dd3fbb214590c1
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-services-2.2.4-9.alpha.rpm
Missing file		     7b989758802b4c47a0c6d54bbe4c15ff
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-zpublisher-2.2.4-9.alpha.rpm
Missing file		     671673618debf9a2f2691e44b7f3949d
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-zserver-2.2.4-9.alpha.rpm
Missing file		     581f0f4fab451ff23fcaba7988ec56fb
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-ztemplates-2.2.4-9.alpha.rpm
Missing file		     a4d6e35ab199f6d1cfb64abcb019c6b6
 
IA-32:
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-2.2.4-9.i386.rpm
Missing file		     72034fb8d7a6dffd4c903f0f3c2322b8
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-components-2.2.4-9.i386.rpm
Missing file		     3cab22c23facbaf6ab30ee9a5fc99cdd
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-core-2.2.4-9.i386.rpm
Missing file		     7c72b25ae0c38a7a868b539633a66150
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-pcgi-2.2.4-9.i386.rpm
Missing file		     ae85a8ecb8e41caf044d4424b544f20e
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-services-2.2.4-9.i386.rpm
Missing file		     c32ae40d8c7c82fb1b43e32ed956ebda
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-zpublisher-2.2.4-9.i386.rpm
Missing file		     490c9af30fe7918cb6df5cca509ef19a
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-zserver-2.2.4-9.i386.rpm
Missing file		     5a30fa8bf31b2f7eaaf6da8a47420a10
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-ztemplates-2.2.4-9.i386.rpm
Missing file		     aaab79e53686b566ae5af737876e7825
 
Sparc:
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-2.2.4-9.sparc.rpm
Missing file		     07aad896f42d36ea0ad1a2674ade9774
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-components-2.2.4-9.sparc.rpm
Missing file		     368a10766c6effe9c7c33ca50942c3cf
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-core-2.2.4-9.sparc.rpm
Missing file		     77f2bb0d08c9baaf40264758726777e1
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-pcgi-2.2.4-9.sparc.rpm
Missing file		     51c27034d265e0971464d7a7bfc02aeb
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-services-2.2.4-9.sparc.rpm
Missing file		     d4e01fc786ad6dbd1aae654e1b83768d
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-zpublisher-2.2.4-9.sparc.rpm
Missing file		     85da16d400b48c7a7ea365f88bb47d43
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-zserver-2.2.4-9.sparc.rpm
Missing file		     68fbb73fd991ea3cfc4e19a9acc3f527
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-ztemplates-2.2.4-9.sparc.rpm
Missing file		     112d287aaeb0013787699b99ddfb9e74
 
Powertools 7.0
SRPMS:
Zope-2.2.5-8.src.rpm
File outdated by:  RHSA-2002:060		     1cbc3eeac888b3bf209b739a6f3238b4
 
Alpha:
Zope-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     6c76c01f86f4dde5d63441075797783a
Zope-components-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     ce1f7032344efaea5d6fb5c032905471
Zope-core-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     4c630ecc4f19f48395cf4c7d32a9bee5
Zope-pcgi-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     476cf89c1f3f4c530fa95e8e276faa36
Zope-services-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     80ed8e74e4fef5270050d806dd39aa71
Zope-zpublisher-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     f3e796a9bad8de8c9d0dc531d11f2b76
Zope-zserver-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     66abeb448162b75f0d140715c4de84cc
Zope-ztemplates-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     4a8c4e9ad9ec6e5839696cbd67331648
 
IA-32:
Zope-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     c8428b0d4e8bc8c52b218137286ed266
Zope-components-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     edd23e731a9de98db074feab671273e3
Zope-core-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     d96f8017dfff29d792dc0208f421e4d3
Zope-pcgi-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     d621b5ee62c7c34d23bc14a5aa348f42
Zope-services-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     6b44945ad005e77f2574a7d7e863d86e
Zope-zpublisher-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     d335b1d74a5f5ec63cafc55aae7d2bb9
Zope-zserver-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     da0c212ae65667d360f282fab4c50f39
Zope-ztemplates-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     edcfa547423e49a29e6a0f32d7bc98cb
 
Powertools 7.1
SRPMS:
Zope-2.2.5-8.src.rpm
File outdated by:  RHSA-2002:060		     1cbc3eeac888b3bf209b739a6f3238b4
 
Alpha:
Zope-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     6c76c01f86f4dde5d63441075797783a
Zope-components-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     ce1f7032344efaea5d6fb5c032905471
Zope-core-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     4c630ecc4f19f48395cf4c7d32a9bee5
Zope-pcgi-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     476cf89c1f3f4c530fa95e8e276faa36
Zope-services-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     80ed8e74e4fef5270050d806dd39aa71
Zope-zpublisher-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     f3e796a9bad8de8c9d0dc531d11f2b76
Zope-zserver-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     66abeb448162b75f0d140715c4de84cc
Zope-ztemplates-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     4a8c4e9ad9ec6e5839696cbd67331648
 
IA-32:
Zope-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     c8428b0d4e8bc8c52b218137286ed266
Zope-components-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     edd23e731a9de98db074feab671273e3
Zope-core-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     d96f8017dfff29d792dc0208f421e4d3
Zope-pcgi-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     d621b5ee62c7c34d23bc14a5aa348f42
Zope-services-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     6b44945ad005e77f2574a7d7e863d86e
Zope-zpublisher-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     d335b1d74a5f5ec63cafc55aae7d2bb9
Zope-zserver-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     da0c212ae65667d360f282fab4c50f39
Zope-ztemplates-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     edcfa547423e49a29e6a0f32d7bc98cb
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1227
http://www.zope.org/Products/Zope/Hotfix_2001-09-28/README.txt
http://lwn.net/daily/zope-dtml-fmt.php3

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/