MDKSA-2000:086
Problem description
A potential security issue exists in versions of Zope up to and including 2.2.4. This issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, it was possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML though they did not have editing privileges on the objects themselves. This update replaces the previous Zope update noted in MDKSA-2000:083.
Updated packages
7.1 i586
1a27224eda3908f1797f8373cb0a997e 7.1/RPMS/Zope-2.2.4-1.2mdk.i586.rpm 0c4b6927178dae9addb86ad3b58bcb04 7.1/RPMS/Zope-components-2.2.4-1.2mdk.i586.rpm 41f3a790bf3bebb4c49e8ced65a2eec2 7.1/RPMS/Zope-core-2.2.4-1.2mdk.i586.rpm 2697aac6c282d0ff1df6be67c452f0f1 7.1/RPMS/Zope-pcgi-2.2.4-1.2mdk.i586.rpm 6170e2801ae6ff70e0a8d7115abcf2ab 7.1/RPMS/Zope-services-2.2.4-1.2mdk.i586.rpm f532b272a002b2cadea796644cb55c24 7.1/RPMS/Zope-zpublisher-2.2.4-1.2mdk.i586.rpm c46eec7ed0490a72ae1b40fda4697891 7.1/RPMS/Zope-zserver-2.2.4-1.2mdk.i586.rpm 8b20f57bf02811245b6c398deb908fb3 7.1/RPMS/Zope-ztemplates-2.2.4-1.2mdk.i586.rpm 8fd0a77af27e4f10b5c7d72aca007a60 7.1/SRPMS/Zope-2.2.4-1.2mdk.src.rpm
7.2 i586
977521271b02081ead2e692486153603 7.2/RPMS/Zope-2.2.4-1.2mdk.i586.rpm 9469e68a5bad3616f55968bb2a03bdf8 7.2/RPMS/Zope-components-2.2.4-1.2mdk.i586.rpm 2d613ea11d316604c92d87c38850624b 7.2/RPMS/Zope-core-2.2.4-1.2mdk.i586.rpm 029cb83d8dff5c8062c41dcd2643a6fa 7.2/RPMS/Zope-pcgi-2.2.4-1.2mdk.i586.rpm 06dc417709a6d0013213d54361a9fe31 7.2/RPMS/Zope-services-2.2.4-1.2mdk.i586.rpm f32ab4d27616c1ee74c1510cbb2f9ff9 7.2/RPMS/Zope-zpublisher-2.2.4-1.2mdk.i586.rpm f95628b3a712688df2810842bd9136ba 7.2/RPMS/Zope-zserver-2.2.4-1.2mdk.i586.rpm 9155e0f3e372b7b7133ad2445cca6522 7.2/RPMS/Zope-ztemplates-2.2.4-1.2mdk.i586.rpm 8fd0a77af27e4f10b5c7d72aca007a60 7.2/SRPMS/Zope-2.2.4-1.2mdk.src.rpm