[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] another Zope hotfix for RedHat

To: linux-security
Subject: [linux-security] another Zope hotfix for RedHat
From: Martin Siegert <siegert@sfu.ca>
Date: Thu, 21 Dec 2000 17:45:35 -0800
User-Agent: Mutt/1.2i

Sorry, just after I sent out the previous Zope advisory I received
another Red Hat Security Advisory about Zope.

Problem description
===================
The issue involves incorrect protection of a data updating method on Image
and File objects. Because the method was not correctly protected, it was
possible for users with DTML editing privileges to update the raw data of
aprivileges File or Image object via DTML, though they did not have editing
on the objects themselves.

Affected Systems
================
RedHat systems with Zope from RedHat powertools installed.

Solution
========

RH 6.1, 6.2, 7.0
rpm -Fvh Zope-Hotfix-DTML-2000_12_18-1.noarch.rpm

Prev by Date: [linux-security] DoS in rp-pppoe package
Next by Date: [linux-security] another stunnel update for RedHat 7.0
Prev by thread: [linux-security] another stunnel update for RedHat 7.0
Next by thread: [linux-security] DoS in rp-pppoe package
Index(es):
- Date
- Thread