[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[linux-security] another Zope hotfix for RedHat
- To: linux-security
- Subject: [linux-security] another Zope hotfix for RedHat
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 21 Dec 2000 17:45:35 -0800
- User-Agent: Mutt/1.2i
Sorry, just after I sent out the previous Zope advisory I received
another Red Hat Security Advisory about Zope.
Problem description
===================
The issue involves incorrect protection of a data updating method on Image
and File objects. Because the method was not correctly protected, it was
possible for users with DTML editing privileges to update the raw data of
aprivileges File or Image object via DTML, though they did not have editing
on the objects themselves.
Affected Systems
================
RedHat systems with Zope from RedHat powertools installed.
Solution
========
RH 6.1, 6.2, 7.0
rpm -Fvh Zope-Hotfix-DTML-2000_12_18-1.noarch.rpm