Mandrake Linux Security Advisory : Zope (MDKSA-2000:035)
High Nessus Plugin ID 61829
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA problem exists in the Zope package with the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the request process.
SolutionUpdate the affected packages.