USN-229-1: Zope vulnerability
14 December 2005
Zope vulnerability
Releases
Details
Zope did not deactivate the file inclusion feature when exposing
RestructuredText functionalities to untrusted users. A remote user
with the privilege of editing Zope webpages with RestructuredText
could exploit this to expose arbitrary files that can be read with the
privileges of the Zope server, or execute arbitrary Zope code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 5.10
-
zope2.8
-
-
zope2.8-sandbox
-
In general, a standard system update will make all the necessary changes.