Ubuntu Security Notice USN-317-1
13th July, 2006
zope2.8 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.10
Details
Zope did not deactivate the 'raw' command when exposing
RestructuredText functionalities to untrusted users. A remote user
with the privilege of editing Zope webpages with RestructuredText
could exploit this to expose arbitrary files that can be read with the
privileges of the Zope server.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.10:
- zope2.8 2.8.1-5ubuntu0.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.