Ubuntu Security Notice USN-317-1
13th July, 2006
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.10
Zope did not deactivate the 'raw' command when exposing
RestructuredText functionalities to untrusted users. A remote user
with the privilege of editing Zope webpages with RestructuredText
could exploit this to expose arbitrary files that can be read with the
privileges of the Zope server.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.10:
- zope2.8 2.8.1-5ubuntu0.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the