Your message dated Thu, 22 Jan 2009 18:08:24 +0100
with message-id <20090122170824.ga28...@ngolde.de>
and subject line closing
has caused the Debian Bug report #512608,
regarding [SA33617] Typo3 Multiple Vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
512608: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512608
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: typo3-src
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The following SA (Secunia Advisory) id was published for Typo3:
SA33617[1]
> DESCRIPTION:
> Some vulnerabilities have been reported in Typo3, which can be
> exploited by malicious people to bypass certain security
> restrictions, conduct cross-site scripting and session fixation
> attacks, and compromise a vulnerable system.
>
> 1) The "Install tool" system extension uses insufficiently random
> entropy sources to generate an encryption key, resulting in weak
> security.
>
> 2) The authentication library does not properly invalidate supplied
> session tokens, which can be exploited to hijack a user's session.
>
> 3) Certain unspecified input passed to the "Indexed Search Engine"
> system extension is not properly sanitised before being used to
> invoke commands. This can be exploited to inject and execute
> arbitrary shell commands.
>
> 4) Input passed via the name and content of files to the "Indexed
> Search Engine" system extension is not properly sanitised before
> being returned to the user. This can be exploited to execute
> arbitrary HTML and script code in a user's browser session in context
> of an affected site.
>
> 5) Certain unspecified input passed to the Workspace module is not
> properly sanitised before being returned to the user. This can be
> exploited to execute arbitrary HTML and script code in a user's
> browser session in context of an affected site.
>
> Note: It is also reported that certain unspecified input passed to
> test scripts of the "ADOdb" system extension is not properly
> sanitised before being returned to the user. This can be exploited to
> execute arbitrary HTML and script code in a user's browser session in
> context of an affected website.
>
> SOLUTION:
> Update to Typo3 version 4.0.10, 4.1.8, or 4.2.4.
>
> Generate a new encryption key (see vendor's advisory for more
> information).
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> 1) Chris John Riley of Raiffeisen Informatik, CERT Security
> Competence Center Zwettl
> 2) Marcus Krause
> 3, 4) Mads Olesen
> 5) Daniel Fabian, SEC Consult
>
> ORIGINAL ADVISORY:
> TYPO3-SA-2009-001:
> http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.
[1]http://secunia.com/advisories/33617/
Cheers,
Giuseppe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkl4IpcACgkQNxpp46476ar0ngCfSRgis+Em7SqxFn/3biLtqRVt
/noAn0W0Y1T7EDOytyIfw4l63Ix+3yEE
=PAgw
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Version: 4.2.4-1
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpJrfIOTCamM.pgp
Description: PGP signature
--- End Message ---
