1 Sep 2000 17:41
[Fwd: [Security Announce] MDKSA-2000:043 - Zope update]
Mario Guerra <mguerra <at> ns.ucr.ac.cr>
2000-09-01 15:41:29 GMT
Subject: [Security Announce] MDKSA-2000:043 - Zope update
Date: 2000-09-01 06:11:58 GMT
________________________________________________________________________
Linux-Mandrake Security Update Advisory
________________________________________________________________________
Package name: Zope
Date: September 1st, 2000
Advisory ID: MDKSA-2000:043
Affected versions: 7.1
________________________________________________________________________
Problem Description:
The exploit that was not fixed with the previous Zope hotfix involves
the getRoles method of user objects contained in the default UserFolder
implementation returning a mutable Python type. Because the mutable
object is still associated with the persistent User object, users with
the ability to edit DTML could arrange to give themselves extra roles
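
Added illustration (not part of the forwarded advisory and not Zope's code): the aliasing problem described above, shown with an accessor that returns its internal role list next to one that returns an immutable copy, plus a regression check. The class names, helper functions and sample user are hypothetical and constructed for this example; returning a tuple is one common mitigation, assumed here rather than taken from the hotfix.

```python
# Added example. LeakyUser, SafeUser and both helpers are hypothetical names.
MUTABLE = (list, dict, set, bytearray)


class LeakyUser:
    """Hands out its internal role list (the pattern the advisory describes)."""

    def __init__(self, name, roles):
        self.name = name
        self._roles = list(roles)

    def getRoles(self):
        return self._roles  # caller receives the live, mutable list

    def has_role(self, role):
        return role in self._roles


class SafeUser(LeakyUser):
    """Hands out an immutable snapshot, so callers cannot alter stored state."""

    def getRoles(self):
        return tuple(self._roles)


def roles_survive_caller_mutation(user_cls):
    """True if changing getRoles()'s return value leaves the user's roles intact."""
    user = user_cls("editor", ["Author"])  # constructed sample user
    before = tuple(user.getRoles())
    returned = user.getRoles()
    try:
        returned.append("Manager")  # what template code holding the result could do
    except AttributeError:
        pass  # a tuple has no append, so the mutation is refused
    return tuple(user.getRoles()) == before and not user.has_role("Manager")


def mutable_accessors(obj, method_names):
    """Names of zero-argument accessors on obj that return a mutable built-in."""
    return [n for n in method_names if isinstance(getattr(obj, n)(), MUTABLE)]


if __name__ == "__main__":
    for cls in (LeakyUser, SafeUser):
        print(cls.__name__, "roles protected:", roles_survive_caller_mutation(cls))
    print("flagged:", mutable_accessors(LeakyUser("a", ["Author"]), ["getRoles"]))
```

The same check applies to any accessor on a security-relevant object that is reachable from less-trusted code: the return value should not share state with the stored object.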