USN-229-1: Zope vulnerability

14 December 2005

zope2.8 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.10

Software Description

Details

Zope did not deactivate the file inclusion feature when exposing RestructuredText functionalities to untrusted users. A remote user with the privilege of editing Zope webpages with RestructuredText could exploit this to expose arbitrary files that can be read with the privileges of the Zope server, or execute arbitrary Zope code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.10
zope2.8
zope2.8-sandbox

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References