Debian Security Advisory
DSA-006-1 zope -- privilege escalation
- Date Reported:
- 19 Dec 2000
- Affected Packages:
- zope
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
- Last week a Zope security advisory was released which
indicated Erik Enge found a problem in the way Zope calculates roles. In some
situations Zope checked the wrong folder hierarchy which could cause it to
grant local roles when it should not. In other words: users with privileges in
one folder could gain privileges in another folder.
This has been fixed in version 2.1.6-5.3 by including the 2000-12-15 hotfix, and we recommend that you upgrade your zope package immediately.
- Fixed in:
-
Debian 2.2 (potato)
- Source:
-
http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-5.3.diff.gz
-
http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-5.3.dsc
-
http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6.orig.tar.gz
- alpha:
-
http://security.debian.org/dists/stable/updates/main/binary-alpha/zope_2.1.6-5.3_alpha.deb
- arm:
-
http://security.debian.org/dists/stable/updates/main/binary-arm/zope_2.1.6-5.3_arm.deb
- i386:
-
http://security.debian.org/dists/stable/updates/main/binary-i386/zope_2.1.6-5.3_i386.deb
- m68k:
-
http://security.debian.org/dists/stable/updates/main/binary-m68k/zope_2.1.6-5.3_m68k.deb
- powerpc:
-
http://security.debian.org/dists/stable/updates/main/binary-powerpc/zope_2.1.6-5.3_powerpc.deb
- sparc:
-
http://security.debian.org/dists/stable/updates/main/binary-sparc/zope_2.1.6-5.3_sparc.deb