[Zope-Annce] Hotfix-20040807 Released
Tres Seaver
tseaver at zope.com
Tue Aug 10 09:42:02 EDT 2004
Overview
This hotfix addresses a security issue reported in CMF Collector
#259 (http://zope.org/Collectors/CMF/259). This issue concerns
a defective privilege check in the OFS.CopySupport module,
which may permit unprivilieged (but authenticated) users of a site
to move content into a folder under their control.
Affected Versions
This issue affects Zope version 2.7.2 and earlier, and has been
resolved for Zope version 2.7.3 and later. Users of affected Zope
versions should remove the hotfix after upgrading to version 2.7.3
or later.
The hotfix has been tested against 2.6.x versions of Zope as well.
Getting the Hotfix
The hotfix product is available from the "zope.org site",
http://zope.org/Products/Zope/Hotfix-200400807/Hotfix-20040807
- "Unix tarball",
http://zope.org/Products/Zope/Hotfix-200400807/Hotfix-20040807/Hotfix-20040807.tar.gz
- "Windows zipfile",
http://zope.org/Products/Zope/Hotfix-200400807/Hotfix-20040807/Hotfix-20040807.zip
- "README.txt",
http://zope.org/Products/Zope/Hotfix-200400807/README.txt
Installation
To install the hotfix, unpack the tarball / zip file into the
'Products' directory of your site's INSTANCE_HOME, and then restart
your Zope application server.
For example, if on your system, the Zope software is installed in
'/opt/lib/zope2.7', and your instance is in '/var/lib/zope'::
# cd /var/lib/zope/Products
# tar xzf /tmp/Hotfix-20040807.tar.gz
# ../bin/zopectl restart
Removal
To remove the hotfix after upgrading Zope to version 2.7.3 or later,
simply remove the product folder and restart the application server.
For example, for the same setup::
# cd /var/lib/zope/Products
# rm -r Hotfix-20040807
# ../bin/zopectl restart
Tres.
--
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
More information about the Zope-Announce
mailing list