Mandrake Linux Security Advisory : Zope (MDKSA-2000:086)
High Nessus Plugin ID 61872
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA potential security issue exists in versions of Zope up to and including 2.2.4. This issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, it was possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML though they did not have editing privileges on the objects themselves.
This update replaces the previous Zope update noted in MDKSA-2000:083.
SolutionUpdate the affected packages.