===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0008
                         typo3-src security update
                              2 January 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           typo3-src
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 6
Impact/Access:     Modify Arbitrary Files         -- Remote/Unauthenticated
                   Increased Privileges           -- Existing Account
                   Access Privileged Data         -- Existing Account
                   Delete Arbitrary Files         -- Existing Account
                   Cross-site Scripting           -- Remote with User Interaction
                   Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-7081 CVE-2013-7080 CVE-2013-7079
                   CVE-2013-7078 CVE-2013-7076 CVE-2013-7075
                   CVE-2013-7074 CVE-2013-7073
Reference:         ESB-2013.1779

Original Bulletin:
   http://www.debian.org/security/2013/dsa-2834

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2834-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
January 01, 2014                       http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : typo3-src
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2013-7073 CVE-2013-7074 CVE-2013-7075 CVE-2013-7076
                 CVE-2013-7078 CVE-2013-7079 CVE-2013-7080 CVE-2013-7081
Debian Bug     : 731999

Several vulnerabilities were discovered in TYPO3, a content management
system. This update addresses cross-site scripting, information
disclosure, mass assignment, open redirection and insecure unserialize
vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004.

For the oldstable distribution (squeeze), these problems have been fixed in
version 4.3.9+dfsg1-1+squeeze9.

For the stable distribution (wheezy), these problems have been fixed in
version 4.5.19+dfsg1-5+wheezy2.

For the testing distribution (jessie), these problems have been fixed in
version 4.5.32+dfsg1-1.

For the unstable distribution (sid), these problems have been fixed in
version 4.5.32+dfsg1-1.

We recommend that you upgrade your typo3-src packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================