RedHat: Zope ZClass security flaw
Posted by LinuxSecurity.com Team

RedHat Linux
The issue is related to ZClasses in that any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          New Zope packages are available
Advisory ID:       RHSA-2001:065-05
Issue date:        2001-05-02
Updated on:        2001-05-14
Product:           Red Hat Powertools
Keywords:          
Cross references:  
Obsoletes:         RHSA-2001-021 RHSA-2000-135 RHSA-2000-125
---------------------------------------------------------------------

1. Topic:

New Zope packages are available which fix a security flaw with ZClass.

2. Relevant releases/architectures:

Red Hat Powertools 6.2 - alpha, i386, sparc

Red Hat Powertools 7.0 - alpha, i386

Red Hat Powertools 7.1 - i386

3. Problem description:

This package includes a "hotfix" product which addresses a security 
problem with ZClasses, as described in the Hotfix_2001-05-01 README.txt 
file: "The issue is related to ZClasses in that any user can visit a 
ZClass declaration and change the ZClass permission mappings for methods
and other objects defined within the ZClass, possibly allowing for
unauthorized access within the Zope instance."

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed  (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Powertools 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/powertools/SRPMS/Zope-2.2.4-7.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-2.2.4-7.alpha.rpm
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-core-2.2.4-7.alpha.rpm
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-components-2.2.4-7.alpha.rpm
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-ztemplates-2.2.4-7.alpha.rpm
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-zpublisher-2.2.4-7.alpha.rpm
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-services-2.2.4-7.alpha.rpm
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-zserver-2.2.4-7.alpha.rpm
ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-pcgi-2.2.4-7.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-2.2.4-7.i386.rpm
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-core-2.2.4-7.i386.rpm
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-components-2.2.4-7.i386.rpm
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-ztemplates-2.2.4-7.i386.rpm
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-zpublisher-2.2.4-7.i386.rpm
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-services-2.2.4-7.i386.rpm
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-zserver-2.2.4-7.i386.rpm
ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-pcgi-2.2.4-7.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-2.2.4-7.sparc.rpm
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-core-2.2.4-7.sparc.rpm
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-components-2.2.4-7.sparc.rpm
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-ztemplates-2.2.4-7.sparc.rpm
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-zpublisher-2.2.4-7.sparc.rpm
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-services-2.2.4-7.sparc.rpm
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-zserver-2.2.4-7.sparc.rpm
ftp://updates.redhat.com/6.2/en/powertools/sparc/Zope-pcgi-2.2.4-7.sparc.rpm

Red Hat Powertools 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/powertools/SRPMS/Zope-2.2.5-6.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/powertools/alpha/Zope-2.2.5-6.alpha.rpm
ftp://updates.redhat.com/7.0/en/powertools/alpha/Zope-core-2.2.5-6.alpha.rpm
ftp://updates.redhat.com/7.0/en/powertools/alpha/Zope-components-2.2.5-6.alpha.rpm
ftp://updates.redhat.com/7.0/en/powertools/alpha/Zope-ztemplates-2.2.5-6.alpha.rpm
ftp://updates.redhat.com/7.0/en/powertools/alpha/Zope-zpublisher-2.2.5-6.alpha.rpm
ftp://updates.redhat.com/7.0/en/powertools/alpha/Zope-services-2.2.5-6.alpha.rpm
ftp://updates.redhat.com/7.0/en/powertools/alpha/Zope-zserver-2.2.5-6.alpha.rpm
ftp://updates.redhat.com/7.0/en/powertools/alpha/Zope-pcgi-2.2.5-6.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/powertools/i386/Zope-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.0/en/powertools/i386/Zope-core-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.0/en/powertools/i386/Zope-components-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.0/en/powertools/i386/Zope-ztemplates-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.0/en/powertools/i386/Zope-zpublisher-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.0/en/powertools/i386/Zope-services-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.0/en/powertools/i386/Zope-zserver-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.0/en/powertools/i386/Zope-pcgi-2.2.5-6.i386.rpm

Red Hat Powertools 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/powertools/SRPMS/Zope-2.2.5-6.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/powertools/i386/Zope-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.1/en/powertools/i386/Zope-core-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.1/en/powertools/i386/Zope-components-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.1/en/powertools/i386/Zope-ztemplates-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.1/en/powertools/i386/Zope-zpublisher-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.1/en/powertools/i386/Zope-services-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.1/en/powertools/i386/Zope-zserver-2.2.5-6.i386.rpm
ftp://updates.redhat.com/7.1/en/powertools/i386/Zope-pcgi-2.2.5-6.i386.rpm



7. Verification:


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
     http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>
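
Added example (not part of the Red Hat advisory): a pre-flight check that ties the `rpm -Fvh` step in section 4 to the verification in this section, comparing downloaded files against a manifest of `md5sum path` lines before anything is installed. The function names, file names, payloads and sums are constructed placeholders; a matching MD5 only rules out corruption, so `rpm --checksig` remains the check that authenticates a package.

```shell
#!/usr/bin/env bash
# Added example: compare downloaded RPMs against an advisory-style
# "md5sum  path" manifest before running rpm --checksig / rpm -Fvh.

# check_manifest MANIFEST DIR
#   Prints "OK|MISMATCH|MISSING <basename>" for each manifest line.
#   Returns 0 only if every listed package is present and matches.
check_manifest() {
    local manifest="$1" dir="$2" want path name got rc=0
    while read -r want path; do
        [ -z "$want" ] && continue        # skip blank lines
        name=${path##*/}                  # manifest lists repo-relative paths
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; rc=1; continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$manifest"
    return $rc
}

# verified_files MANIFEST DIR: full paths of the packages that matched.
verified_files() {
    check_manifest "$1" "$2" | awk -v d="$2" '$1 == "OK" { print d "/" $2 }'
}

# --- constructed demo data (placeholder files, not real Zope packages) ---
demo=$(mktemp -d)
printf 'good payload\n'    > "$demo/Zope-core-demo.i386.rpm"
printf 'altered payload\n' > "$demo/Zope-pcgi-demo.i386.rpm"
{
    printf '%s 7.1/en/powertools/i386/Zope-core-demo.i386.rpm\n' \
        "$(printf 'good payload\n' | md5sum | cut -d' ' -f1)"
    printf '%s 7.1/en/powertools/i386/Zope-pcgi-demo.i386.rpm\n' \
        "$(printf 'original payload\n' | md5sum | cut -d' ' -f1)"
    printf '%s 7.1/en/powertools/i386/Zope-zserver-demo.i386.rpm\n' \
        "$(printf 'never downloaded\n' | md5sum | cut -d' ' -f1)"
} > "$demo/manifest.txt"

check_manifest "$demo/manifest.txt" "$demo" || echo "do not install: see above"
# Only matching files would go on to: rpm --checksig <file> && rpm -Fvh <file>
verified_files "$demo/manifest.txt" "$demo"
```
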

8. References:
 
http://www.zope.org/Products/Zope/Hotfix_2001-05-01/README.txt


Copyright(c) 2000, 2001 Red Hat, Inc.

 