Title: Conectiva Linux Security Announcement
Released by: Conectiva
Date: 16th August 1999
-----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------
PACKAGE : Zope
SUMMARY : Permission problems
DATE : 2000-08-15 15:20:00
AFFECTED CONECTIVA VERSIONS : 4.2, 5.0, 5.1
----------------------------------------------------------------------
DESCRIPTION
The getRoles method of user objects contained in the default UserFolder implementation returns a mutable Python type. Because the returned object is still associated with the persistent User object, users with the ability to edit DTML could give themselves extra roles for the duration of a single request by mutating the roles list as part of the request processing.
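The aliasing described above, reduced to a small Python model (an added example, not Zope's UserFolder code and not the Hotfix; the class names, is_allowed and template_code are hypothetical). It contrasts a getter that returns the stored list with one that returns a tuple, and does not model Zope persistence or request scope.

```python
# Simplified model of the aliasing problem; all names are hypothetical
# and this is not Zope's UserFolder code.

class LeakyUser:
    """getRoles hands out the same list object the user record stores."""
    def __init__(self, name, roles):
        self.name = name
        self._roles = list(roles)

    def getRoles(self):
        return self._roles          # caller receives a live reference


class SafeUser(LeakyUser):
    """getRoles returns an immutable snapshot of the stored roles."""
    def getRoles(self):
        return tuple(self._roles)   # caller cannot alter the stored list


def is_allowed(user, required_role):
    """Authorization check that trusts whatever getRoles reports."""
    return required_role in user.getRoles()


def template_code(user):
    """Stands in for template-level code that treats the result as its own."""
    roles = user.getRoles()
    try:
        roles.append("Manager")     # mutates shared state if roles is a list
    except AttributeError:
        return False                # a tuple has no append: nothing changed
    return True


def demo(user_cls):
    """Return (allowed before, mutation succeeded, allowed after)."""
    user = user_cls("editor", ["Authenticated"])  # constructed sample user
    before = is_allowed(user, "Manager")
    mutated = template_code(user)
    after = is_allowed(user, "Manager")
    return before, mutated, after


if __name__ == "__main__":
    print("leaky:", demo(LeakyUser))   # (False, True, True)
    print("safe: ", demo(SafeUser))    # (False, False, False)
```

When auditing similar code, look for accessors on security-relevant objects that return a stored list or dict directly instead of a copy or an immutable type.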
SOLUTION
Zope users should upgrade to the updated packages. These packages already contain the Hotfix that was released by the Zope team to address this issue.
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
http://atualizacoes.conectiva.com.br/4.2/SRPMS/Zope-2.1.7-5cl.src.rpm
http://atualizacoes.conectiva.com.br/4.2/i386/Zope-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/4.2/i386/Zope-components-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/4.2/i386/Zope-core-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/4.2/i386/Zope-pcgi-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/4.2/i386/Zope-services-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/4.2/i386/Zope-zpublisher-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/4.2/i386/Zope-ztemplates-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.0/SRPMS/Zope-2.1.7-5cl.src.rpm
http://atualizacoes.conectiva.com.br/5.0/i386/Zope-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.0/i386/Zope-components-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.0/i386/Zope-core-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.0/i386/Zope-pcgi-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.0/i386/Zope-services-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.0/i386/Zope-zpublisher-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.0/i386/Zope-ztemplates-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.1/SRPMS/Zope-2.1.7-5cl.src.rpm
http://atualizacoes.conectiva.com.br/5.1/i386/Zope-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.1/i386/Zope-components-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.1/i386/Zope-core-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.1/i386/Zope-pcgi-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.1/i386/Zope-services-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.1/i386/Zope-zpublisher-2.1.7-5cl.i386.rpm
http://atualizacoes.conectiva.com.br/5.1/i386/Zope-ztemplates-2.1.7-5cl.i386.rpm
----------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key can be
obtained at http://www.conectiva.com.br/contato
----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe@bazar.conectiva.com.br
unsubscribe: atualizacoes-anuncio-unsubscribe@bazar.conectiva.com.br