Your message dated Sat, 05 Dec 2009 21:51:35 +0000
with message-id <e1nh2xp-0006kd...@ries.debian.org>
and subject line Bug#552020: fixed in typo3-src 4.2.5-1+lenny2
has caused the Debian Bug report #552020,
regarding TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple vulnerabilities
in TYPO3 Core
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
552020: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552020
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: typo3-src
Severity: critical
Tags: security
TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple vulnerabilities in TYPO3
Core
Vulnerability Types: SQL injection, Cross-site scripting (XSS), Information
disclosure,
Frame hijacking, Remote shell command execution and Insecure Install Tool
authentication/session handling.
Problem Description 1: By entering malcious content into a tt_content form
element,
a backend user could recalculate the encryption key. This knowledge could be
used
to attack TYPO3 mechanisms that were protected by this key. A valid backend
login
is required to exploit this vulnerability.
Problem Description 2: Failing to sanitize user input the TYPO3 backend is
susceptible
to XSS attacs in several places. A valid backend login is required to exploit
these
vulnerabilities.
Problem Description 3: By manipulating URL parameters it is possible to include
arbitrary websites in the TYPO3 backend framesets. A valid backend login is
required
to exploit this vulnerability.
Problem Description 4: By uploading files with malicious filenames an editor
could
execute arbitrary shell commands on the server the TYPO3 installation is
located.
A valid backend login is required to exploit this vulnerability.
Problem Description 5: Failing to sanitize URL parameters, TYPO3 is susceptible
to SQL
injection in the frontend editing feature (the traditional one, not
feeditadvanced that
will be shipped with TYPO3 4.3). A valid backend login and activated frontend
editing
is required to exploit this vulnerability.
Problem Description 6: The sanitizing algorithm of the API function
t3lib_div::quoteJSvalue
wasn't sufficient, so that an an attacker could inject specially crafted HTML
or JavaScript
code. Since this function can be used in backend modules as well as in frontend
extensions, this vulnerability could also be exploited without the need of
having a
vaild backend login.
Problem Description 7: Failing to sanitize URL parameters the Frontend Login
Box box is
susceptible to XSS.
Problem Description 8: It is possible to gain access to the Install Tool by
only knowing
the md5 hash of the Install Tool password.
Problem Description 9: Failing to sanitize URL parameters, the Install Tool is
susceptible
to Cross-site scripting attacks.
For more information see the Typo3 Bulletin at:
<https://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/>
--
MfG, Christian Welzel
GPG-Key: http://www.camlann.de/key.asc
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
--- End Message ---
--- Begin Message ---
Source: typo3-src
Source-Version: 4.2.5-1+lenny2
We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:
typo3-src-4.2_4.2.5-1+lenny2_all.deb
to main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny2_all.deb
typo3-src_4.2.5-1+lenny2.diff.gz
to main/t/typo3-src/typo3-src_4.2.5-1+lenny2.diff.gz
typo3-src_4.2.5-1+lenny2.dsc
to main/t/typo3-src/typo3-src_4.2.5-1+lenny2.dsc
typo3_4.2.5-1+lenny2_all.deb
to main/t/typo3-src/typo3_4.2.5-1+lenny2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 552...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Welzel <gaw...@camlann.de> (supplier of updated typo3-src package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 22 Oct 2009 22:00:00 +0100
Source: typo3-src
Binary: typo3 typo3-src-4.2
Architecture: source all
Version: 4.2.5-1+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Christian Welzel <gaw...@camlann.de>
Changed-By: Christian Welzel <gaw...@camlann.de>
Description:
typo3 - Powerful content management framework (Meta package)
typo3-src-4.2 - Powerful content management framework (Core)
Closes: 552020
Changes:
typo3-src (4.2.5-1+lenny2) stable-security; urgency=high
.
* Added patches (backported from 4.2.10) to fix the security issues
from "TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple
vulnerabilities in TYPO3 Core" with the following CVEs assigned:
CVE-2009-3628 TYPO3 Information disclosure
CVE-2009-3629 TYPO3 Cross-site scripting
CVE-2009-3630 TYPO3 Frame hijacking
CVE-2009-3631 TYPO3 Remote shell command execution
CVE-2009-3632 TYPO3 SQL injection
CVE-2009-3633 TYPO3 API function t3lib_div::quoteJSvalue XSS
CVE-2009-3634 TYPO3 Frontend Login Box (felogin) XSS
CVE-2009-3635 TYPO3 Insecure Authentication and Session Handling
CVE-2009-3636 TYPO3 Install Tool XSS
(Closes: 552020).
Checksums-Sha1:
d2fbebe02d85ae433581d5b05dd1a745cee0356c 1008 typo3-src_4.2.5-1+lenny2.dsc
7ea2716fefafee6fee0cd4a92b5f48b4c7173cd2 122866
typo3-src_4.2.5-1+lenny2.diff.gz
339c6ed5cfda1c1837a1eebecffd25628abc4d6b 133854 typo3_4.2.5-1+lenny2_all.deb
211fc4730071526e624af07d0109e556418af518 8201724
typo3-src-4.2_4.2.5-1+lenny2_all.deb
Checksums-Sha256:
f8c131e0d6387e837298ea2b3a8386b951322c6e1af5fd613b119c6de80c4b5a 1008
typo3-src_4.2.5-1+lenny2.dsc
ea801f0e99198cdf98aa3f19cfc12dbde063d8d3e37cd0aef29e809fa3ff8f27 122866
typo3-src_4.2.5-1+lenny2.diff.gz
3bab375199e52583b57c94247839ff860e8ea88bedbdcb4c9f9a2b01363deec4 133854
typo3_4.2.5-1+lenny2_all.deb
5d46c84f27f9705e9304c9196e0b1e9cfddcdc9c3955e38e87840f2f0a2a8d73 8201724
typo3-src-4.2_4.2.5-1+lenny2_all.deb
Files:
8980c630529cf34c44f491e4ee6e6e07 1008 web optional typo3-src_4.2.5-1+lenny2.dsc
d4bce174f2ea2a94834cc0d250b51495 122866 web optional
typo3-src_4.2.5-1+lenny2.diff.gz
04e43a0b661c56a307a06f282f304e43 133854 web optional
typo3_4.2.5-1+lenny2_all.deb
ea85991b8e26953d7ff43080458cc766 8201724 web optional
typo3-src-4.2_4.2.5-1+lenny2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFK4w0jUHLQNqxYNSARAlysAJ9WbTDwavbKkVys0h9bLKGqPjwsugCeOOAs
S3J5hUikDpCW/GTz19eH28E=
=/4N8
-----END PGP SIGNATURE-----
--- End Message ---
