Your message dated Sat, 05 Dec 2009 22:42:09 +0000
with message-id <[email protected]>
and subject line Bug#552020: fixed in typo3-src 4.0.2+debian-9
has caused the Debian Bug report #552020,
regarding TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple vulnerabilities in TYPO3 Core
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
552020: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552020
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: typo3-src      
Severity: critical
Tags: security


TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple vulnerabilities in TYPO3 Core

Vulnerability Types: SQL injection, Cross-site scripting (XSS), Information disclosure,
Frame hijacking, Remote shell command execution and Insecure Install Tool
authentication/session handling.

Problem Description 1: By entering malicious content into a tt_content form element,
a backend user could recalculate the encryption key. This knowledge could be used
to attack TYPO3 mechanisms that were protected by this key. A valid backend login
is required to exploit this vulnerability.

Problem Description 2: Failing to sanitize user input, the TYPO3 backend is susceptible
to XSS attacks in several places. A valid backend login is required to exploit these
vulnerabilities.

Problem Description 3: By manipulating URL parameters it is possible to include
arbitrary websites in the TYPO3 backend framesets. A valid backend login is required
to exploit this vulnerability.

Problem Description 4: By uploading files with malicious filenames an editor could
execute arbitrary shell commands on the server the TYPO3 installation is located on.
A valid backend login is required to exploit this vulnerability.

Problem Description 5: Failing to sanitize URL parameters, TYPO3 is susceptible to SQL
injection in the frontend editing feature (the traditional one, not feeditadvanced that
will be shipped with TYPO3 4.3). A valid backend login and activated frontend editing
are required to exploit this vulnerability.

Problem Description 6: The sanitizing algorithm of the API function t3lib_div::quoteJSvalue
wasn't sufficient, so that an attacker could inject specially crafted HTML or JavaScript
code. Since this function can be used in backend modules as well as in frontend
extensions, this vulnerability could also be exploited without the need of having a
valid backend login.

Problem Description 7: Failing to sanitize URL parameters, the Frontend Login Box is
susceptible to XSS.

Problem Description 8: It is possible to gain access to the Install Tool by only knowing
the md5 hash of the Install Tool password.

Problem Description 9: Failing to sanitize URL parameters, the Install Tool is susceptible
to Cross-site scripting attacks.

For more information see the Typo3 Bulletin at:
<https://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/>

-- 
 MfG, Christian Welzel

  GPG-Key:     http://www.camlann.de/key.asc
  Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15



--- End Message ---
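Problem Description 4 in the report above is the classic "filename reaches a shell" bug. The following is an added illustration of that bug class and its fix, written for this page; it is not TYPO3's code and does not reproduce the actual vulnerable routine. The `echo` command stands in for whatever image or archive tool a CMS would invoke on an upload, the allow-list regex and the sample filenames are constructed for the example, and the shell used is whatever `/bin/sh` is on the host.

```python
import re
import subprocess

# Constructed allow-list for upload names: ASCII letters, digits, '.', '_', '-',
# and the first character must be alphanumeric. That rejects shell
# metacharacters, dotfiles and '..', and names beginning with '-' (which a
# program given an argv list would otherwise parse as an option).
FILENAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def process_upload_vulnerable(filename: str) -> str:
    """Vulnerable pattern: the upload name is interpolated into a shell string.

    A name such as 'x; echo INJECTED' terminates the intended command and
    runs a second one; on a real server that second command is the attacker's.
    """
    cmd = f"echo processing {filename}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def process_upload_argv(filename: str) -> str:
    """Second layer only: pass an argv list, so no shell ever parses the name.

    Metacharacters now reach the program as plain bytes (here they are simply
    echoed back); but a leading '-' could still be read as an option.
    """
    argv = ["echo", "processing", filename]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def process_upload_hardened(filename: str) -> str:
    """Both layers: allow-list the name first, then use the argv form."""
    if not FILENAME_RE.fullmatch(filename):
        raise ValueError(f"rejected upload filename: {filename!r}")
    return process_upload_argv(filename)


def demo() -> dict:
    """Runs the three variants on a constructed hostile name and a clean one."""
    hostile = "x; echo INJECTED"  # constructed attacker-controlled upload name
    result = {
        "vulnerable": process_upload_vulnerable(hostile),   # second command runs
        "argv_only": process_upload_argv(hostile),          # echoed literally
    }
    try:
        process_upload_hardened(hostile)
        result["hardened"] = "accepted"
    except ValueError:
        result["hardened"] = "rejected"
    result["clean"] = process_upload_hardened("photo-1.jpg")
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The two layers are deliberately separate: validation keeps hostile names out of the pipeline entirely, and the argv form means that even a name that slips past validation is never interpreted by a shell. Using either one alone leaves a gap (a bypassed regex, or a name beginning with `-`).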
--- Begin Message ---
Source: typo3-src
Source-Version: 4.0.2+debian-9

We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:

typo3-src-4.0_4.0.2+debian-9_all.deb
  to main/t/typo3-src/typo3-src-4.0_4.0.2+debian-9_all.deb
typo3-src_4.0.2+debian-9.diff.gz
  to main/t/typo3-src/typo3-src_4.0.2+debian-9.diff.gz
typo3-src_4.0.2+debian-9.dsc
  to main/t/typo3-src/typo3-src_4.0.2+debian-9.dsc
typo3_4.0.2+debian-9_all.deb
  to main/t/typo3-src/typo3_4.0.2+debian-9_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Welzel <[email protected]> (supplier of updated typo3-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 22 Oct 2009 23:30:00 +0100
Source: typo3-src
Binary: typo3 typo3-src-4.0
Architecture: source all
Version: 4.0.2+debian-9
Distribution: oldstable-security
Urgency: high
Maintainer: Christian Welzel <[email protected]>
Changed-By: Christian Welzel <[email protected]>
Description: 
 typo3      - Powerful content management framework (Meta package)
 typo3-src-4.0 - Powerful content management framework (Core)
Closes: 552020
Changes: 
 typo3-src (4.0.2+debian-9) oldstable-security; urgency=high
 .
   * Added patches (backported from 4.2.10) to fix the security issues
     from "TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple
     vulnerabilities in TYPO3 Core" with the following CVEs assigned:
      CVE-2009-3628 TYPO3 Information disclosure
      CVE-2009-3629 TYPO3 Cross-site scripting
      CVE-2009-3630 TYPO3 Frame hijacking
      CVE-2009-3631 TYPO3 Remote shell command execution
      CVE-2009-3632 TYPO3 SQL injection
      CVE-2009-3633 TYPO3 API function t3lib_div::quoteJSvalue XSS
      CVE-2009-3634 TYPO3 Frontend Login Box (felogin) XSS
      CVE-2009-3635 TYPO3 Insecure Authentication and Session Handling
      CVE-2009-3636 TYPO3 Install Tool XSS
     (Closes: 552020).
Files: 
 522ed0d81b54572f24b984a8448d594b 610 web optional typo3-src_4.0.2+debian-9.dsc
 a0f7dee86225e89e4914633d2401e232 32793 web optional typo3-src_4.0.2+debian-9.diff.gz
 ba868af9c67e56ba346233e3473b94c6 77256 web optional typo3_4.0.2+debian-9_all.deb
 030c0d0fa407a74b5d48a24d280e2ce5 7696110 web optional typo3-src-4.0_4.0.2+debian-9_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFK8cM+UHLQNqxYNSARAvCOAKCQzYlrBYukelnpyUQkqsrIMGKLrwCbBPZ4
lF4fFfF4wWCaM6LkdrkXwBE=
=4waN
-----END PGP SIGNATURE-----



--- End Message ---
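The changelog above lists CVE-2009-3635, the Install Tool issue that the report describes as Problem Description 8: access "by only knowing the md5 hash of the Install Tool password". Below is an added illustration of one way that class of bug arises and how it is fixed; it is not TYPO3's code and does not claim to be the mechanism TYPO3 actually had. The stored credential is an unsalted MD5 hex digest, matching the bulletin's wording; the password, the request dictionaries and the field names are constructed for the example.

```python
import hashlib
import hmac

# Constructed stored credential: the MD5 hex digest of the Install Tool
# password, as the bulletin describes it being kept. The password itself is
# invented for this example.
STORED_DIGEST = hashlib.md5(b"constructed-install-password").hexdigest()


def login_vulnerable(request: dict) -> bool:
    """Flawed pattern: trusts a digest computed on the client.

    The server compares the submitted 'password_hash' with the stored one,
    so whoever learns STORED_DIGEST (a backup, a leaked configuration file,
    a readable dump) logs in without ever knowing the password: the digest
    has become the credential.
    """
    return request.get("password_hash") == STORED_DIGEST


def login_hardened(request: dict) -> bool:
    """Hardened pattern: the server hashes the cleartext itself.

    The stored digest on its own now opens nothing (submitting it as the
    password hashes to a different value), and the comparison is constant
    time so the check does not leak how many leading characters matched.
    """
    password = request.get("password")
    if not isinstance(password, str):
        return False
    digest = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, STORED_DIGEST)


def demo() -> dict:
    """Constructed requests: an attacker holding only the digest, and a real user."""
    hash_only = {"password_hash": STORED_DIGEST}              # knows the hash, not the password
    real_user = {"password": "constructed-install-password"}
    return {
        "vulnerable_with_hash_only": login_vulnerable(hash_only),   # True: the bug
        "hardened_with_hash_only": login_hardened(hash_only),       # False
        "hardened_hash_as_password": login_hardened({"password": STORED_DIGEST}),  # False
        "hardened_with_password": login_hardened(real_user),        # True
        "hardened_wrong_password": login_hardened({"password": "guess"}),  # False
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats a practitioner would add. First, the hardened check still keeps an unsalted MD5 as the stored form only because that is what the bulletin describes; an attacker who obtains the digest can brute-force the password offline, so a current deployment should store a salted, slow password hash instead. Second, any session token minted after login must likewise be derived server-side, not from anything the client can compute from the stored digest, or the same "hash is the credential" problem reappears one step later.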
