===========================================================
Ubuntu Security Notice USN-848-1           October 14, 2009
zope3 vulnerabilities
CVE-2009-0668, CVE-2009-0669
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  zope3                           3.2.1-1ubuntu1.2

Ubuntu 8.04 LTS:
  zope3                           3.3.1-5ubuntu2.2

Ubuntu 8.10:
  zope3                           3.3.1-7ubuntu0.2

Ubuntu 9.04:
  zope3                           3.4.0-0ubuntu3.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Zope Object Database (ZODB) database server
(ZEO) improperly filtered certain commands when a database is shared among
multiple applications or application instances. A remote attacker could
send malicious commands to the server and execute arbitrary code.
(CVE-2009-0668)

It was discovered that the Zope Object Database (ZODB) database server
(ZEO) did not handle authentication properly when a database is shared
among multiple applications or application instances. A remote attacker
could use this flaw to bypass security restrictions. (CVE-2009-0669)

It was discovered that Zope did not limit the number of new object ids a
client could request. A remote attacker could use this flaw to consume a
huge amount of resources, leading to a denial of service. (No CVE
identifier)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/