Mandrake Linux Security Advisory : Zope (MDKSA-2001:025)
Low Nessus Plugin ID 61899
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA new Hotfix for Zope has been released that fixes a very important security issue that affects all versions of Zope prior to and including 2.3.1b1. Users can use through-the-web scripting capabilities on a Zope site to view and assign class attributes to ZClasses, possibly allowing them to make inappropriate changes to ZClass instances. As well, perceived security problems with the ObjectManager, PropertyManager and PropertySheet classes have been fixed as well. It is highly recommended that all Linux-Mandrake users using Zope upgrade to these new packages immediately.
SolutionUpdate the affected packages.