From: George Lewis (schvinschvin.net)
Date: Fri Mar 01 2002 - 15:34:05 CST


    ----- Forwarded message from "Matthew T. Kromer" <mattzope.com> -----

    > From: "Matthew T. Kromer" <mattzope.com>
    > To: zope-announcezope.org
    > Subject: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)
    > Date: Fri, 01 Mar 2002 16:22:12 -0500
    >
    >
    > This hotfix addresses an important security issue that may affect some
    > users of Zope versions 2.2.0 through 2.5.x.
    >
    > The issue involves the checking of security for objects with proxy
    > roles. The context of the owner user that created the object with proxy
    > roles was not being taken into account when determining access to the
    > object with proxy roles. This flaw could allow users defined in
    > subfolders of a site with sufficient privileges to access objects at
    > higher levels in the site that they would not normally be able to access.
    >
    > We highly recommend that any Zope site running Zope 2.2.0 through Zope
    > 2.5.x have this hotfix product installed to mitigate the issue. Zope
    > 2.5.1 and 2.4.4 will contain a fix for the issue, at which time the
    > hotfix can be removed.
    >
    >
    > DOWNLOAD
    >
    > Download this hotfix from
    >
    >
    > http://www.zope.org/Products/Zope/Hotfix_2002-03-01/Hotfix_2002-03-01.tgz
    >
    > --
    > Matt Kromer
    > Zope Corporation http://www.zope.com/

    ----- End forwarded message -----

    -- 
    http://schvin.net/
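
The ownership check the announcement describes, as an added example (not Zope's code and not the contents of the hotfix): a simplified Python model of an access decision for an executable object with proxy roles, before and after the owner's context is taken into account. All class names, function names and the sample site layout are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Tuple

Path = Tuple[str, ...]  # folder path from the site root; () is the root


@dataclass(frozen=True)
class User:
    name: str
    defined_in: Path  # folder containing the user folder that defines this user


@dataclass(frozen=True)
class Executable:
    owner: User             # user who created the object with proxy roles
    proxy_roles: frozenset  # roles the object runs with, regardless of caller


@dataclass(frozen=True)
class Target:
    location: Path            # folder containing the object being accessed
    required_roles: frozenset


def in_owner_context(owner: User, target: Target) -> bool:
    """True when the target sits at or below the folder that defines the owner."""
    n = len(owner.defined_in)
    return target.location[:n] == owner.defined_in


def allowed_before_fix(exe: Executable, target: Target) -> bool:
    # Flawed decision: only the proxy roles are compared with the required roles.
    return bool(exe.proxy_roles & target.required_roles)


def allowed_after_fix(exe: Executable, target: Target) -> bool:
    # Corrected decision: the proxy roles must match AND the owner must be
    # defined in a context that covers the target.
    if not exe.proxy_roles & target.required_roles:
        return False
    return in_owner_context(exe.owner, target)


# Constructed sample site: one user defined in /dept, one at the root.
SUB_MANAGER = User("sub_manager", ("dept",))
ROOT_MANAGER = User("root_manager", ())
ROOT_OBJECT = Target(("admin",), frozenset({"Manager"}))
DEPT_OBJECT = Target(("dept", "reports"), frozenset({"Manager"}))
SUB_SCRIPT = Executable(SUB_MANAGER, frozenset({"Manager"}))
ROOT_SCRIPT = Executable(ROOT_MANAGER, frozenset({"Manager"}))
```

Comparing `allowed_before_fix` and `allowed_after_fix` over every executable and target of a site model like this one shows which existing proxy-role objects change behaviour once the owner's context is enforced.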