Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] GLSA: zope
Date: Thu, 24 Oct 2002 10:12:21
Message-Id: 20021024151209.429013368D@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - --------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200210-007
6 - - --------------------------------------------------------------------
7
8 PACKAGE : zope
9 SUMMARY : Incorrect handling of XML-RPC requests
10 DATE    : 2002-10-24 15:10 UTC
11 EXPLOIT : remote
12
13 - - --------------------------------------------------------------------
14
15 Zope (www.zope.org) will reveal the complete physical location where the
16 server and its components are installed if it receives "incorrect" XML-RPC
17 requests.
18 In some cases it will reveal also information about the serves in the
19 protected LAN (10.x.x.x for example) on which current server is relaying.
20
21 More information is available at
22 http://collector.zope.org/Zope/359
23
24 SOLUTION
25
26 It is recommended that all Gentoo Linux users who are running
27 net-www/zope-2.5.1 and earlier update their systems
28 as follows:
29
30 emerge rsync
31 emerge zope
32 emerge clean
33
34 - - --------------------------------------------------------------------
35 aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz
36 - - --------------------------------------------------------------------
37 -----BEGIN PGP SIGNATURE-----
38 Version: GnuPG v1.2.0 (GNU/Linux)
39
40 iD8DBQE9uA3IfT7nyhUpoZMRAqJ2AJ4/0CLQWnONWq4k0l8myf2QQ4sk9ACgwbA3
41 4ZdPm20+wK0ElplUXwugB2Y=
42 =LyVt
43 -----END PGP SIGNATURE-----