Ubuntu 6301 Published by

A new Zope vulnerabilities update is available for Ubuntu Linux. Here the announcement:



Ubuntu Security Notice USN-848-1 October 14, 2009
zope3 vulnerabilities
CVE-2009-0668, CVE-2009-0669
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
zope3 3.2.1-1ubuntu1.2

Ubuntu 8.04 LTS:
zope3 3.3.1-5ubuntu2.2

Ubuntu 8.10:
zope3 3.3.1-7ubuntu0.2

Ubuntu 9.04:
zope3 3.4.0-0ubuntu3.3

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Zope Object Database (ZODB) database server
(ZEO) improperly filtered certain commands when a database is shared among
multiple applications or application instances. A remote attacker could
send malicious commands to the server and execute arbitrary code.
(CVE-2009-0668)

It was discovered that the Zope Object Database (ZODB) database server
(ZEO) did not handle authentication properly when a database is shared
among multiple applications or application instances. A remote attacker
could use this flaw to bypass security restrictions. (CVE-2009-0669)

It was discovered that Zope did not limit the number of new object ids a
client could request. A remote attacker could use this flaw to consume a
huge amount of resources, leading to a denial of service. (No CVE
identifier)


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.2.1-1ubuntu=
1.2.diff.gz
Size/MD5: 15470 fed4749b4509f19f8429af7ec2c55b1d
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.2.1-1ubuntu=
1.2.dsc
Size/MD5: 882 43db6cc1f279ab194c2c7bc694c2f72e
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.2.1.orig.ta=
r.gz
Size/MD5: 6521432 1db39a5c406c160506559cb9f2f165d4

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e_3.2.1-1ubuntu1.2_all.deb
Size/MD5: 39342 f9532d24444dd3a1ed5d373662644f66
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-sandbox_3.2.1=
-1ubuntu1.2_all.deb
Size/MD5: 39592 6a9e3b2952462546e8ea8335138e2820
http://security.ubuntu.com/ubuntu/pool/universe/z/zope3/zope3-doc_3.2.1=
-1ubuntu1.2_all.deb
Size/MD5: 219974 f8622b30cccc3f2bb444cc8b5d22ec80

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python2.4-zopeinter=
face_3.2.1-1ubuntu1.2_amd64.deb
Size/MD5: 118764 1a06516e83a33fd4ec310e9a9301ffd8
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.2.1-1ubuntu=
1.2_amd64.deb
Size/MD5: 4182650 44483957f944105491ad8e7dabadedb8

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python2.4-zopeinter=
face_3.2.1-1ubuntu1.2_i386.deb
Size/MD5: 118246 d6b56bf7eafa02c980b3e620c2e995f5
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.2.1-1ubuntu=
1.2_i386.deb
Size/MD5: 4142116 1f90fece0a372539e9544d7513df0ba6

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python2.4-zopeinter=
face_3.2.1-1ubuntu1.2_powerpc.deb
Size/MD5: 120234 cc813def7203f824efa6c553a548ef23
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.2.1-1ubuntu=
1.2_powerpc.deb
Size/MD5: 4191884 a2ac7c0be56df2967a87ad2be8ab810f

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python2.4-zopeinter=
face_3.2.1-1ubuntu1.2_sparc.deb
Size/MD5: 118506 fdf7ae68ec2438b18c600ceae942b671
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.2.1-1ubuntu=
1.2_sparc.deb
Size/MD5: 4155510 22300574bee36421a1d67a29083c4206

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.3.1-5ubuntu=
2.2.diff.gz
Size/MD5: 18083 20487df2b36f3b62e87e5e3674f9b49f
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.3.1-5ubuntu=
2.2.dsc
Size/MD5: 1102 c3cac6a2beceaebf9a7ea19e5c6a3e3a
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.3.1.orig.ta=
r.gz
Size/MD5: 6582320 c0b6165233900ba29ced72b9ad95c443

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-doc_3.3.1-5ub=
untu2.2_all.deb
Size/MD5: 226188 b0768ba423bd4f7119672ada0c5b28a7
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-sandbox_3.3.1=
-5ubuntu2.2_all.deb
Size/MD5: 47508 4f191893824bf8ab9b571979f2c0f39b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e-dbg_3.3.1-5ubuntu2.2_amd64.deb
Size/MD5: 84276 9e8864369e23d48dbc2ee5e6b505d6a0
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e_3.3.1-5ubuntu2.2_amd64.deb
Size/MD5: 140358 1a01e7a7ec12b35ca294bf7b094d2f78
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-dbg_3.3.1-5ub=
untu2.2_amd64.deb
Size/MD5: 1012680 f309039f49b17cbf394ec7a079ffdf33
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.3.1-5ubuntu=
2.2_amd64.deb
Size/MD5: 4191474 2ea3b7d72b3ce9051e49d4c0cd4bb239

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e-dbg_3.3.1-5ubuntu2.2_i386.deb
Size/MD5: 77536 84ddfb7b3f9ace903a46fd42a0681312
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e_3.3.1-5ubuntu2.2_i386.deb
Size/MD5: 135528 491de05a0a6f26a6d3e7926ee6e55794
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-dbg_3.3.1-5ub=
untu2.2_i386.deb
Size/MD5: 912926 3f59dbd98aeac9e15a2367243513e952
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.3.1-5ubuntu=
2.2_i386.deb
Size/MD5: 4155510 149cf3673b624abd687865df7beefee8

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface-dbg_3.3.=
1-5ubuntu2.2_lpia.deb
Size/MD5: 79676 1727ea7da4c0e032856fbca43109abd0
http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface_3.3.1-5u=
buntu2.2_lpia.deb
Size/MD5: 135378 7bc6cbbfe2a428ac01c681c5dcad6de6
http://ports.ubuntu.com/pool/main/z/zope3/zope3-dbg_3.3.1-5ubuntu2.2_lp=
ia.deb
Size/MD5: 928730 8ac9cadfce7c1318807cdd7cf996efa3
http://ports.ubuntu.com/pool/main/z/zope3/zope3_3.3.1-5ubuntu2.2_lpia.d=
eb
Size/MD5: 4153336 b227d194eddc1c27d9ee9f75147c8870

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface-dbg_3.3.=
1-5ubuntu2.2_powerpc.deb
Size/MD5: 88716 5a709fb65fc46e084ab92ed33d5e87a9
http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface_3.3.1-5u=
buntu2.2_powerpc.deb
Size/MD5: 145068 8af744de8f3e983066858734d5a8f5c9
http://ports.ubuntu.com/pool/main/z/zope3/zope3-dbg_3.3.1-5ubuntu2.2_po=
werpc.deb
Size/MD5: 1051300 36b713fd35a7a4a2266a331eb57f2977
http://ports.ubuntu.com/pool/main/z/zope3/zope3_3.3.1-5ubuntu2.2_powerp=
c.deb
Size/MD5: 4211570 a17438ddadf26f4abf8f4f16fd2fd78c

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface-dbg_3.3.=
1-5ubuntu2.2_sparc.deb
Size/MD5: 72536 d69a325a65b02ff91f6b8417f8cc489f
http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface_3.3.1-5u=
buntu2.2_sparc.deb
Size/MD5: 137150 ca2d1f92cc833ef2769bcd04fa67fbc5
http://ports.ubuntu.com/pool/main/z/zope3/zope3-dbg_3.3.1-5ubuntu2.2_sp=
arc.deb
Size/MD5: 869820 3efc21acfe5cc2e831a4bc575fbc7e86
http://ports.ubuntu.com/pool/main/z/zope3/zope3_3.3.1-5ubuntu2.2_sparc.=
deb
Size/MD5: 4164162 4d6071fbbf8096ec9e0b46c79e1ce100

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.3.1-7ubuntu=
0.2.diff.gz
Size/MD5: 18301 f8ec099f76b1a918ef496946c887758f
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.3.1-7ubuntu=
0.2.dsc
Size/MD5: 1492 630661aa4aa5015f091cceb1bff6e016
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.3.1.orig.ta=
r.gz
Size/MD5: 6582320 c0b6165233900ba29ced72b9ad95c443

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-doc_3.3.1-7ub=
untu0.2_all.deb
Size/MD5: 226016 c12e26381eeee9928034a3dc7f5bc422
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-sandbox_3.3.1=
-7ubuntu0.2_all.deb
Size/MD5: 47474 0e2ebdb80591e3df5ac265bed234c721

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e-dbg_3.3.1-7ubuntu0.2_amd64.deb
Size/MD5: 83938 a8d76708b988762d6d2efaa462fdaf7b
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e_3.3.1-7ubuntu0.2_amd64.deb
Size/MD5: 143190 30dc7fef8baebcc4eb2966d271bdba2e
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-dbg_3.3.1-7ub=
untu0.2_amd64.deb
Size/MD5: 1025894 470f2c3591d8af5bdb15dedea5217692
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.3.1-7ubuntu=
0.2_amd64.deb
Size/MD5: 4216264 e15e9a1f34313a7bdf8d6c399d19fe85

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e-dbg_3.3.1-7ubuntu0.2_i386.deb
Size/MD5: 77896 2fc948ef442fc3f68797b90373efb43b
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e_3.3.1-7ubuntu0.2_i386.deb
Size/MD5: 135398 8e92e33ea8fc19771517c9a4455d7d86
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-dbg_3.3.1-7ub=
untu0.2_i386.deb
Size/MD5: 920744 16c02019b46b915c06cc43fd80177873
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.3.1-7ubuntu=
0.2_i386.deb
Size/MD5: 4179868 47cc61dfe0938fbf9c74ced6ff4842e7

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface-dbg_3.3.=
1-7ubuntu0.2_lpia.deb
Size/MD5: 79802 37ee339fbd62d3f0892fb538f05d0ad9
http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface_3.3.1-7u=
buntu0.2_lpia.deb
Size/MD5: 135228 9adbf33dcd2c3de2488562e7b1eaf3b4
http://ports.ubuntu.com/pool/main/z/zope3/zope3-dbg_3.3.1-7ubuntu0.2_lp=
ia.deb
Size/MD5: 933792 142c5c089568a44c9c46dd87242d9213
http://ports.ubuntu.com/pool/main/z/zope3/zope3_3.3.1-7ubuntu0.2_lpia.d=
eb
Size/MD5: 4173950 f8406dce44706df9eb2fabff1de83895

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface-dbg_3.3.=
1-7ubuntu0.2_powerpc.deb
Size/MD5: 87708 f71296365625ec74b74b80cf55fb70a1
http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface_3.3.1-7u=
buntu0.2_powerpc.deb
Size/MD5: 145132 4c4b5cda71cf3684f9552f326a428b3c
http://ports.ubuntu.com/pool/main/z/zope3/zope3-dbg_3.3.1-7ubuntu0.2_po=
werpc.deb
Size/MD5: 1064814 ceed93c6e866b1f1cfa32e91e0b61eae
http://ports.ubuntu.com/pool/main/z/zope3/zope3_3.3.1-7ubuntu0.2_powerp=
c.deb
Size/MD5: 4237146 96ad6cf7f8a8e27e470923dd06de0d7e

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface-dbg_3.3.=
1-7ubuntu0.2_sparc.deb
Size/MD5: 71866 a0fbf8204e03aaa2075512d05e750fa9
http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface_3.3.1-7u=
buntu0.2_sparc.deb
Size/MD5: 136470 6bfc39a805a363fad3016fb3efe7dada
http://ports.ubuntu.com/pool/main/z/zope3/zope3-dbg_3.3.1-7ubuntu0.2_sp=
arc.deb
Size/MD5: 867986 d1e9c3548025b4b7291a4269ddf2bd22
http://ports.ubuntu.com/pool/main/z/zope3/zope3_3.3.1-7ubuntu0.2_sparc.=
deb
Size/MD5: 4184074 b050de2b9d0506aeeec5eb6aa06e9c3b

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.4.0-0ubuntu=
3.3.diff.gz
Size/MD5: 17843 7f3bc338430cd1f689867ec37ea963b4
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.4.0-0ubuntu=
3.3.dsc
Size/MD5: 1523 c067fcb2950bd81dc6f911b19c322db4
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.4.0.orig.ta=
r.gz
Size/MD5: 7415971 8fda92b82f19efbc18c411e1feb4268e

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-doc_3.4.0-0ub=
untu3.3_all.deb
Size/MD5: 229726 dda6ab0a561ce9151a52c56326c250b4
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-sandbox_3.4.0=
-0ubuntu3.3_all.deb
Size/MD5: 50226 de3ee0b76394a56391bc5e51dd3a04f5

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e-dbg_3.4.0-0ubuntu3.3_amd64.deb
Size/MD5: 84706 3c5464aa6163cd28c520cfb06ce642ec
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e_3.4.0-0ubuntu3.3_amd64.deb
Size/MD5: 152022 4a608318024d0a5649e3c418d597c8da
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-dbg_3.4.0-0ub=
untu3.3_amd64.deb
Size/MD5: 1512942 b6e0d8efd215d79f66f790977e7ede5b
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.4.0-0ubuntu=
3.3_amd64.deb
Size/MD5: 4735130 3a3c8dd907efe6c972c149dc61414e8b

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e-dbg_3.4.0-0ubuntu3.3_i386.deb
Size/MD5: 78600 fed4130d0d8cf83b1743fd008fd19286
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/python-zopeinterfac=
e_3.4.0-0ubuntu3.3_i386.deb
Size/MD5: 145936 2f4f807d7b2b0e0b4efff4dcd26c3639
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3-dbg_3.4.0-0ub=
untu3.3_i386.deb
Size/MD5: 1360174 3eca9ab23d0708d79378f2dec3f5449b
http://security.ubuntu.com/ubuntu/pool/main/z/zope3/zope3_3.4.0-0ubuntu=
3.3_i386.deb
Size/MD5: 4690060 764d4479aac12c41b200cf0b1facb338

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface-dbg_3.4.=
0-0ubuntu3.3_lpia.deb
Size/MD5: 80514 925b3c6d5119f97b5a9da32b7eb9208e
http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface_3.4.0-0u=
buntu3.3_lpia.deb
Size/MD5: 145992 07cf55f0b99924030f38a94b06561c24
http://ports.ubuntu.com/pool/main/z/zope3/zope3-dbg_3.4.0-0ubuntu3.3_lp=
ia.deb
Size/MD5: 1377528 b43e8d03929574eb3bf1c8a6d1b0a199
http://ports.ubuntu.com/pool/main/z/zope3/zope3_3.4.0-0ubuntu3.3_lpia.d=
eb
Size/MD5: 4684766 6862d3e74a25a8eeee94751e84b3e890

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface-dbg_3.4.=
0-0ubuntu3.3_powerpc.deb
Size/MD5: 88530 c12bde43b126dd4c2fa164188e970a8e
http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface_3.4.0-0u=
buntu3.3_powerpc.deb
Size/MD5: 154784 094b09e86f933e1cca41e1acf97af007
http://ports.ubuntu.com/pool/main/z/zope3/zope3-dbg_3.4.0-0ubuntu3.3_po=
werpc.deb
Size/MD5: 1547836 d3ec091ff2f256695963d3e670022847
http://ports.ubuntu.com/pool/main/z/zope3/zope3_3.4.0-0ubuntu3.3_powerp=
c.deb
Size/MD5: 4757096 f2b93e040de3ee8febb223c4eb83f5d3

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface-dbg_3.4.=
0-0ubuntu3.3_sparc.deb
Size/MD5: 72648 2f4dee9d5936184a1726e20dc88eb697
http://ports.ubuntu.com/pool/main/z/zope3/python-zopeinterface_3.4.0-0u=
buntu3.3_sparc.deb
Size/MD5: 146202 f8753470814b77fe668f07c422b70d44
http://ports.ubuntu.com/pool/main/z/zope3/zope3-dbg_3.4.0-0ubuntu3.3_sp=
arc.deb
Size/MD5: 1279576 2f8cfd0847d3661f9c1771abb8105e7f
http://ports.ubuntu.com/pool/main/z/zope3/zope3_3.4.0-0ubuntu3.3_sparc.=
deb
Size/MD5: 4687522 0de0cc9be939d2935034e22bb5ef35b3




--=-dmz1Yc7ZlJpuIK9tQKUu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkrV/SMACgkQLMAs/0C4zNoSNgCfVWOWtRRlv2oLqACHEgbjCnUC
uQkAn2x3JOc3WoV8XTxPteM24GFmTb4s
=DX5g
-----END PGP SIGNATURE-----