Hello,
Hoping these details will be useful to some of you... This concerns
Zope users; here, a security problem affecting Mandrake:
[Security Announce] MDKSA-2001:025 - Zope update.
ff.
----- Original Message -----
From: Linux Mandrake Security Team <[EMAIL PROTECTED]>
To: Linux Mandrake Security Announcements
<[EMAIL PROTECTED]>
Cc: Linux Mandrake Security <[EMAIL PROTECTED]>; Bugtraq
<[EMAIL PROTECTED]>; Linux Security List
<[EMAIL PROTECTED]>
Sent: Monday, February 26, 2001 9:52 PM
Subject: [Security Announce] MDKSA-2001:025 - Zope update
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ________________________________________________________________________
>
> Linux-Mandrake Security Update Advisory
> ________________________________________________________________________
>
> Package name: Zope
> Date: February 26th, 2001
> Advisory ID: MDKSA-2001:025
>
> Affected versions: 7.1, 7.2, Corporate Server 1.0.1
> ________________________________________________________________________
>
> Problem Description:
>
> A new Hotfix for Zope has been released that fixes a very important
> security issue that affects all versions of Zope prior to and including
> 2.3.1b1. Users can use through-the-web scripting capabilities on a
> Zope site to view and assign class attributes to ZClasses, possibly
> allowing them to make inappropriate changes to ZClass instances. As
> well, perceived security problems with the ObjectManager,
> PropertyManager and PropertySheet classes have been fixed as well. It
> is highly recommended that all Linux-Mandrake users using Zope upgrade
> to these new packages immediately.
> ________________________________________________________________________
>
> Please verify the update prior to upgrading to ensure the integrity of
> the downloaded package. You can do this with the command:
> rpm --checksig package.rpm
> You can get the GPG public key of the Linux-Mandrake Security Team at
> http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
> If you use MandrakeUpdate, the verification of md5 checksum and GPG
> signature is performed automatically for you.
>
> Linux-Mandrake 7.1:
> ce3759b943c84e2cfae88623889d7ede 7.1/RPMS/Zope-2.2.4-1.3mdk.i586.rpm
> 2c7e4f68326e5e67d0f3e4fdaea56ab9 7.1/RPMS/Zope-components-2.2.4-1.3mdk.i586.rpm
> 8d4ac048dd16083e541a7efa45e82f2c 7.1/RPMS/Zope-core-2.2.4-1.3mdk.i586.rpm
> 5675532bdbd34300dc2de372de2ce6c1 7.1/RPMS/Zope-pcgi-2.2.4-1.3mdk.i586.rpm
> ae19fe905d8109c7ef5e9960562436fc 7.1/RPMS/Zope-services-2.2.4-1.3mdk.i586.rpm
> 67af4cd05bae1ab4e6f8aaedcc063c81 7.1/RPMS/Zope-zpublisher-2.2.4-1.3mdk.i586.rpm
> d08bb3f8d5965caf0899091815a55c44 7.1/RPMS/Zope-zserver-2.2.4-1.3mdk.i586.rpm
> 7704a708046b4a11afd237ff2331d60c 7.1/RPMS/Zope-ztemplates-2.2.4-1.3mdk.i586.rpm
> ad2f8f127e025ada0a0767637d3752b6 7.1/SRPMS/Zope-2.2.4-1.3mdk.src.rpm
>
> Linux-Mandrake 7.2:
> 463fbe541395bdff5d6926414eb7e830 7.2/RPMS/Zope-2.2.4-1.3mdk.i586.rpm
> b5f4618d5a00fd96e01c6f1ecfad66b7 7.2/RPMS/Zope-components-2.2.4-1.3mdk.i586.rpm
> 752c2409359949554e1dd7b7f78cc965 7.2/RPMS/Zope-core-2.2.4-1.3mdk.i586.rpm
> 9d3c16ba03dfdedfa6c849ccc3705562 7.2/RPMS/Zope-pcgi-2.2.4-1.3mdk.i586.rpm
> 223e77fa8b7934a7faa83f9ad614b331 7.2/RPMS/Zope-services-2.2.4-1.3mdk.i586.rpm
> 9e5ec7dcf9a0bec0ad4df97ce7467e78 7.2/RPMS/Zope-zpublisher-2.2.4-1.3mdk.i586.rpm
> 6529e8cd7cf441c6456504e6e7503c75 7.2/RPMS/Zope-zserver-2.2.4-1.3mdk.i586.rpm
> ebb4dda9336abbffda1c13827382784a 7.2/RPMS/Zope-ztemplates-2.2.4-1.3mdk.i586.rpm
> ad2f8f127e025ada0a0767637d3752b6 7.2/SRPMS/Zope-2.2.4-1.3mdk.src.rpm
>
> Corporate Server 1.0.1:
> ce3759b943c84e2cfae88623889d7ede 1.0.1/RPMS/Zope-2.2.4-1.3mdk.i586.rpm
> 2c7e4f68326e5e67d0f3e4fdaea56ab9 1.0.1/RPMS/Zope-components-2.2.4-1.3mdk.i586.rpm
> 8d4ac048dd16083e541a7efa45e82f2c 1.0.1/RPMS/Zope-core-2.2.4-1.3mdk.i586.rpm
> 5675532bdbd34300dc2de372de2ce6c1 1.0.1/RPMS/Zope-pcgi-2.2.4-1.3mdk.i586.rpm
> ae19fe905d8109c7ef5e9960562436fc 1.0.1/RPMS/Zope-services-2.2.4-1.3mdk.i586.rpm
> 67af4cd05bae1ab4e6f8aaedcc063c81 1.0.1/RPMS/Zope-zpublisher-2.2.4-1.3mdk.i586.rpm
> d08bb3f8d5965caf0899091815a55c44 1.0.1/RPMS/Zope-zserver-2.2.4-1.3mdk.i586.rpm
> 7704a708046b4a11afd237ff2331d60c 1.0.1/RPMS/Zope-ztemplates-2.2.4-1.3mdk.i586.rpm
> ad2f8f127e025ada0a0767637d3752b6 1.0.1/SRPMS/Zope-2.2.4-1.3mdk.src.rpm
> ________________________________________________________________________
>
> To upgrade automatically, use MandrakeUpdate.
>
> If you want to upgrade manually, download the updated package from one
> of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".
>
> You can download the updates directly from one of the mirror sites
> listed at:
>
> http://www.linux-mandrake.com/en/ftp.php3.
>
> Updated packages are available in the "updates/[ver]/RPMS/" directory.
> For example, if you are looking for an updated RPM package for
> Linux-Mandrake 7.2, look for it in "updates/7.2/RPMS/". Updated source
> RPMs are available as well, but you generally do not need to download
> them.
>
> Please be aware that sometimes it takes the mirrors a few hours to
> update.
>
> You can view other security advisories for Linux-Mandrake at:
>
> http://www.linux-mandrake.com/en/security/
>
> If you want to report vulnerabilities, please contact
>
> [EMAIL PROTECTED]
> ________________________________________________________________________
>
> Linux-Mandrake has two security-related mailing list services that
> anyone can subscribe to:
>
> [EMAIL PROTECTED]
>
> Linux-Mandrake's security announcements mailing list. Only
> announcements are sent to this list and it is read-only.
>
> [EMAIL PROTECTED]
>
> Linux-Mandrake's security discussion mailing list. This list is open
> to anyone to discuss Linux-Mandrake security specifically and Linux
> security in general.
>
> To subscribe to either list, send a message to
> [EMAIL PROTECTED]
> with "subscribe [listname]" in the body of the message.
>
> To remove yourself from either list, send a message to
> [EMAIL PROTECTED]
> with "unsubscribe [listname]" in the body of the message.
>
> To get more information on either list, send a message to
> [EMAIL PROTECTED]
> with "info [listname]" in the body of the message.
>
> Optionally, you can use the web interface to subscribe to or unsubscribe
> from either list:
>
> http://www.linux-mandrake.com/en/flists.php3#security
> ________________________________________________________________________
>
> Type Bits/KeyID Date User ID
> pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
> <[EMAIL PROTECTED]>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE6mrYJmqjQ0CJFipgRAqAxAKDc9CbmCUmSLmXgc3T64zqOO5ts6wCgtT3G
> +m4Dlr6VAHkLnIFIpfoXR9c=
> =HoZS
> -----END PGP SIGNATURE-----
>
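
The verification step the advisory asks for, as an added example that is not part of the original message or of any Linux-Mandrake tool: it parses the checksum list in the form it has in this mail (quoted with "> ", some paths wrapped onto the next line) and compares the entries for one release against files in a download directory. The function names and the `example-1.0-1mdk.i586.rpm` file are constructed for the demonstration, and `md5sum` from coreutils is assumed.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against an advisory's "md5 path" list.

# Read advisory text on stdin, print "md5 path" pairs. Strips mail quoting
# ("> ") and rejoins entries whose path was wrapped onto the next line.
parse_advisory_sums() {
    sed -e 's/^[> ]*//' -e 's/[[:space:]]*$//' | awk '
        function ishash(s) { return length(s) == 32 && s ~ /^[0-9a-f]+$/ }
        NF == 2 && ishash($1) && $2 ~ /\.rpm$/    { print $1, $2; pending = ""; next }
        NF == 1 && ishash($1)                     { pending = $1; next }
        NF == 1 && pending != "" && $1 ~ /\.rpm$/ { print pending, $1; pending = ""; next }
        { pending = "" }'
}

# verify_rpms RELEASE DIR < advisory
# The same file name can carry a different checksum per release, so only
# entries under RELEASE/ are compared. Fails on any mismatch, or if no listed
# package was found in DIR.
verify_rpms() {
    parse_advisory_sums | {
        checked=0; bad=0
        while read -r want path; do
            case $path in "$1"/*) ;; *) continue ;; esac
            file=$2/${path##*/}
            [ -f "$file" ] || continue        # not downloaded, nothing to check
            got=$(md5sum "$file" | cut -d' ' -f1)
            checked=$((checked + 1))
            if [ "$got" = "$want" ]; then
                echo "OK       $path"
            else
                echo "MISMATCH $path"; bad=$((bad + 1))
            fi
        done
        [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
    }
}

# Constructed demo: one placeholder file, listed for 7.1 with its real sum
# (wrapped, as in the mail) and for 7.2 with a different, made-up sum.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed payload\n' > "$d/example-1.0-1mdk.i586.rpm"
    sum=$(md5sum "$d/example-1.0-1mdk.i586.rpm" | cut -d' ' -f1)
    printf '> %s\n7.1/RPMS/example-1.0-1mdk.i586.rpm\n> %s 7.2/RPMS/example-1.0-1mdk.i586.rpm\n' \
        "$sum" 00000000000000000000000000000000 > "$d/advisory.txt"
    verify_rpms 7.1 "$d" < "$d/advisory.txt"; echo "7.1 exit status: $?"
    verify_rpms 7.2 "$d" < "$d/advisory.txt"; echo "7.2 exit status: $?"
    rm -rf "$d"
}
demo
```

The MD5 comparison complements the `rpm --checksig` signature check named in the advisory; it does not replace it.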