Skip to navigation

Security Advisory New Zope packages are available

Advisory: RHSA-2001:115-05
Type: Security Advisory
Severity: N/A
Issued on: 2001-10-02
Last updated on: 2001-10-09
Affected Products: Powertools 6.2
Powertools 7.0
Powertools 7.1
CVEs (cve.mitre.org): CVE-2001-1227

Details

New Zope packages are available which fix a security flaw with DTML
scripting.

The updated packages include a "hotfix" product which addresses a security
problem with DTML scripting, as described in the Hotfix_2001-09-28
README.txt file: "The issue involves the fmt attribute of dtml-var tags.
Without this correction, Zope does not check security access to methods
invoked through fmt. This issue could allow partially trusted users with
enough knowledge of Zope to call, in a limited way, methods they would not
otherwise be allowed to access."


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

After you have updated the packages, you must restart zope:

/etc/rc.d/init.d/zope restart

Updated packages

Powertools 6.2
SRPMS:
ftp://updates.redhat.com/rhn/repository/NULL/Zope/2.2.4-9/SRPMS/Zope-2.2.4-9.src.rpm
Missing file		     MD5: 3c1235415148e6623f64e0a4e76e4d1d
 
Alpha:
ftp://updates.redhat.com/rhn/repository/NULL/Zope/2.2.4-9/alpha/Zope-2.2.4-9.alpha.rpm
Missing file		     MD5: 1db6c7dd618f2219f550c4c3dd6378e7
ftp://updates.redhat.com/rhn/repository/NULL/Zope-components/2.2.4-9/alpha/Zope-components-2.2.4-9.alpha.rpm
Missing file		     MD5: d1714ff497622f75aaab08633f8b5f40
ftp://updates.redhat.com/rhn/repository/NULL/Zope-core/2.2.4-9/alpha/Zope-core-2.2.4-9.alpha.rpm
Missing file		     MD5: a5e071a56fbde35af7adf04bb3f82a6e
ftp://updates.redhat.com/rhn/repository/NULL/Zope-pcgi/2.2.4-9/alpha/Zope-pcgi-2.2.4-9.alpha.rpm
Missing file		     MD5: 2638543302411fa5e2dd3fbb214590c1
ftp://updates.redhat.com/rhn/repository/NULL/Zope-services/2.2.4-9/alpha/Zope-services-2.2.4-9.alpha.rpm
Missing file		     MD5: 7b989758802b4c47a0c6d54bbe4c15ff
ftp://updates.redhat.com/rhn/repository/NULL/Zope-zpublisher/2.2.4-9/alpha/Zope-zpublisher-2.2.4-9.alpha.rpm
Missing file		     MD5: 671673618debf9a2f2691e44b7f3949d
ftp://updates.redhat.com/rhn/repository/NULL/Zope-zserver/2.2.4-9/alpha/Zope-zserver-2.2.4-9.alpha.rpm
Missing file		     MD5: 581f0f4fab451ff23fcaba7988ec56fb
ftp://updates.redhat.com/rhn/repository/NULL/Zope-ztemplates/2.2.4-9/alpha/Zope-ztemplates-2.2.4-9.alpha.rpm
Missing file		     MD5: a4d6e35ab199f6d1cfb64abcb019c6b6
 
IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/Zope/2.2.4-9/i386/Zope-2.2.4-9.i386.rpm
Missing file		     MD5: 72034fb8d7a6dffd4c903f0f3c2322b8
ftp://updates.redhat.com/rhn/repository/NULL/Zope-components/2.2.4-9/i386/Zope-components-2.2.4-9.i386.rpm
Missing file		     MD5: 3cab22c23facbaf6ab30ee9a5fc99cdd
ftp://updates.redhat.com/rhn/repository/NULL/Zope-core/2.2.4-9/i386/Zope-core-2.2.4-9.i386.rpm
Missing file		     MD5: 7c72b25ae0c38a7a868b539633a66150
ftp://updates.redhat.com/rhn/repository/NULL/Zope-pcgi/2.2.4-9/i386/Zope-pcgi-2.2.4-9.i386.rpm
Missing file		     MD5: ae85a8ecb8e41caf044d4424b544f20e
ftp://updates.redhat.com/rhn/repository/NULL/Zope-services/2.2.4-9/i386/Zope-services-2.2.4-9.i386.rpm
Missing file		     MD5: c32ae40d8c7c82fb1b43e32ed956ebda
ftp://updates.redhat.com/rhn/repository/NULL/Zope-zpublisher/2.2.4-9/i386/Zope-zpublisher-2.2.4-9.i386.rpm
Missing file		     MD5: 490c9af30fe7918cb6df5cca509ef19a
ftp://updates.redhat.com/rhn/repository/NULL/Zope-zserver/2.2.4-9/i386/Zope-zserver-2.2.4-9.i386.rpm
Missing file		     MD5: 5a30fa8bf31b2f7eaaf6da8a47420a10
ftp://updates.redhat.com/rhn/repository/NULL/Zope-ztemplates/2.2.4-9/i386/Zope-ztemplates-2.2.4-9.i386.rpm
Missing file		     MD5: aaab79e53686b566ae5af737876e7825
 
Sparc:
ftp://updates.redhat.com/rhn/repository/NULL/Zope/2.2.4-9/sparc/Zope-2.2.4-9.sparc.rpm
Missing file		     MD5: 07aad896f42d36ea0ad1a2674ade9774
ftp://updates.redhat.com/rhn/repository/NULL/Zope-components/2.2.4-9/sparc/Zope-components-2.2.4-9.sparc.rpm
Missing file		     MD5: 368a10766c6effe9c7c33ca50942c3cf
ftp://updates.redhat.com/rhn/repository/NULL/Zope-core/2.2.4-9/sparc/Zope-core-2.2.4-9.sparc.rpm
Missing file		     MD5: 77f2bb0d08c9baaf40264758726777e1
ftp://updates.redhat.com/rhn/repository/NULL/Zope-pcgi/2.2.4-9/sparc/Zope-pcgi-2.2.4-9.sparc.rpm
Missing file		     MD5: 51c27034d265e0971464d7a7bfc02aeb
ftp://updates.redhat.com/rhn/repository/NULL/Zope-services/2.2.4-9/sparc/Zope-services-2.2.4-9.sparc.rpm
Missing file		     MD5: d4e01fc786ad6dbd1aae654e1b83768d
ftp://updates.redhat.com/rhn/repository/NULL/Zope-zpublisher/2.2.4-9/sparc/Zope-zpublisher-2.2.4-9.sparc.rpm
Missing file		     MD5: 85da16d400b48c7a7ea365f88bb47d43
ftp://updates.redhat.com/rhn/repository/NULL/Zope-zserver/2.2.4-9/sparc/Zope-zserver-2.2.4-9.sparc.rpm
Missing file		     MD5: 68fbb73fd991ea3cfc4e19a9acc3f527
ftp://updates.redhat.com/rhn/repository/NULL/Zope-ztemplates/2.2.4-9/sparc/Zope-ztemplates-2.2.4-9.sparc.rpm
Missing file		     MD5: 112d287aaeb0013787699b99ddfb9e74
 
Powertools 7.0
SRPMS:
Zope-2.2.5-8.src.rpm
File outdated by:  RHSA-2002:060		     MD5: 1cbc3eeac888b3bf209b739a6f3238b4
 
Alpha:
Zope-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 6c76c01f86f4dde5d63441075797783a
Zope-components-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: ce1f7032344efaea5d6fb5c032905471
Zope-core-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 4c630ecc4f19f48395cf4c7d32a9bee5
Zope-pcgi-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 476cf89c1f3f4c530fa95e8e276faa36
Zope-services-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 80ed8e74e4fef5270050d806dd39aa71
Zope-zpublisher-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: f3e796a9bad8de8c9d0dc531d11f2b76
Zope-zserver-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 66abeb448162b75f0d140715c4de84cc
Zope-ztemplates-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 4a8c4e9ad9ec6e5839696cbd67331648
 
IA-32:
Zope-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: c8428b0d4e8bc8c52b218137286ed266
Zope-components-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: edd23e731a9de98db074feab671273e3
Zope-core-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: d96f8017dfff29d792dc0208f421e4d3
Zope-pcgi-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: d621b5ee62c7c34d23bc14a5aa348f42
Zope-services-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: 6b44945ad005e77f2574a7d7e863d86e
Zope-zpublisher-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: d335b1d74a5f5ec63cafc55aae7d2bb9
Zope-zserver-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: da0c212ae65667d360f282fab4c50f39
Zope-ztemplates-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: edcfa547423e49a29e6a0f32d7bc98cb
 
Powertools 7.1
SRPMS:
Zope-2.2.5-8.src.rpm
File outdated by:  RHSA-2002:060		     MD5: 1cbc3eeac888b3bf209b739a6f3238b4
 
Alpha:
Zope-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 6c76c01f86f4dde5d63441075797783a
Zope-components-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: ce1f7032344efaea5d6fb5c032905471
Zope-core-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 4c630ecc4f19f48395cf4c7d32a9bee5
Zope-pcgi-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 476cf89c1f3f4c530fa95e8e276faa36
Zope-services-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 80ed8e74e4fef5270050d806dd39aa71
Zope-zpublisher-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: f3e796a9bad8de8c9d0dc531d11f2b76
Zope-zserver-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 66abeb448162b75f0d140715c4de84cc
Zope-ztemplates-2.2.5-8.alpha.rpm
File outdated by:  RHSA-2002:060		     MD5: 4a8c4e9ad9ec6e5839696cbd67331648
 
IA-32:
Zope-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: c8428b0d4e8bc8c52b218137286ed266
Zope-components-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: edd23e731a9de98db074feab671273e3
Zope-core-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: d96f8017dfff29d792dc0208f421e4d3
Zope-pcgi-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: d621b5ee62c7c34d23bc14a5aa348f42
Zope-services-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: 6b44945ad005e77f2574a7d7e863d86e
Zope-zpublisher-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: d335b1d74a5f5ec63cafc55aae7d2bb9
Zope-zserver-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: da0c212ae65667d360f282fab4c50f39
Zope-ztemplates-2.2.5-8.i386.rpm
File outdated by:  RHSA-2002:060		     MD5: edcfa547423e49a29e6a0f32d7bc98cb
 

References

https://www.redhat.com/security/data/cve/CVE-2001-1227.html
http://www.zope.org/Products/Zope/Hotfix_2001-09-28/README.txt
http://lwn.net/daily/zope-dtml-fmt.php3

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/