Home page logo

fulldisclosure logo Full Disclosure mailing list archives

[SECURITY] [DSA 2008-1] New typo3-src packages fix several vulnerabilities
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 9 Mar 2010 00:16:23 +0100

Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-2008-1                  security () debian org
http://www.debian.org/security/                       Moritz Muehlenhoff
March 08, 2010                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : typo3-src
Vulnerability  : several
Problem type   : local/remote
Debian-specific: no
CVE Id(s)      : not yet available
Debian Bug     : 571151

Several remote vulnerabilities have been discovered in the TYPO3 web 
content management framework: Cross-site scripting vulnerabilities have
been discovered in both the frontend and the backend. Also, user data
could be leaked. More details can be found in the Typo3 security

For the stable distribution (lenny), these problems have been fixed in
version 4.2.5-1+lenny3.

For the upcoming stable distribution (squeeze) and the unstable 
distribution (sid), these problems have been fixed in version 4.3.2-1.

We recommend that you upgrade your typo3-src package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

    Size/MD5 checksum:     1008 2b5fae60fae3e6a6aac0abab77878aab
    Size/MD5 checksum:  8144727 75b2e5db6ac586fb6176f329be452159
    Size/MD5 checksum:   128331 a6c5d19786ea0cb438dca15a5e4cd03d

Architecture independent packages:

    Size/MD5 checksum:  8201908 b9597dd425a73b6cb89bdc3724fcb02f
    Size/MD5 checksum:   133890 7322ee4dbabfb7b8a9ad34541a750777

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Version: GnuPG v1.4.10 (GNU/Linux)


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [SECURITY] [DSA 2008-1] New typo3-src packages fix several vulnerabilities Moritz Muehlenhoff (Mar 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]