Package: typo3-src
Severity: critical
Tags: security

It has been discovered that TYPO3 Core is susceptible to SQL Injection and Open Redirection.

Component Type: TYPO3 Core
Affected Versions: 4.5.0 up to 4.5.23, 4.6.0 up to 4.6.16, 4.7.0 up to 4.7.8 and 6.0.0 up to 6.0.2
Vulnerability Types: SQL Injection, Open Redirection
Overall Severity: High
Release Date: March 6, 2013

Vulnerable subcomponent: Extbase Framework
Vulnerability Type: SQL Injection
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:C/I:C/A:N/E:H/RL:O/RC:C
Problem Description: Failing to sanitize user input, the Extbase database abstraction layer is susceptible to SQL Injection. TYPO3 sites which have no Extbase extensions installed are not affected. Extbase extensions are affected if they use the Query Object Model and relation values are user generated input (e.g. $query->contains('model.categories', $userProvidedValue)).
Note: It has been reported to the TYPO3 Security Team that this problem is known and exploited in the wild.

Vulnerable subcomponent: Access tracking mechanism
Vulnerability Type: Open Redirection
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:O/RC:C
Problem Description: Failing to validate user provided input, the access tracking mechanism allows redirects to arbitrary URLs.

Important Notes: To fix this vulnerability, we had to break existing behaviour of TYPO3 sites that use the access tracking mechanism (jumpurl feature) to transform links to external sites. The link generation has been changed to include a hash that is checked before redirecting to an external URL. This means that old links that have been distributed (e.g. by a newsletter) will not work any more. If you are using the jumpurl feature you need to do the following: look up more information on http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/

--
MfG, Christian Welzel
GPG-Key: http://www.camlann.de/de/pgpkey.html
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
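As an added illustration (not TYPO3's own code and not part of the report above), a jumpurl-style redirect handler in the vulnerable form beside the hash-checked form the advisory describes as the fix; the function names, the `juHash` parameter and the secret are assumptions, not the real TYPO3 identifiers.

```php
<?php
// Added example, not TYPO3's code. Shows why "old links stop working" once the
// redirect target is bound to a keyed hash. JUMPURL_SECRET is an assumed site secret.
const JUMPURL_SECRET = 'replace-with-a-long-random-site-secret';

// Vulnerable form: whatever ?jumpurl= carries becomes the Location header target,
// so a crafted link on the trusted domain sends visitors to an arbitrary site.
function handle_jump_vulnerable(array $get): ?string
{
    return isset($get['jumpurl']) ? (string)$get['jumpurl'] : null;
}

// Hardened form, step 1: the site itself generates every jump link and appends
// an HMAC over the exact target URL (parameter name juHash is an assumption).
function build_jump_link(string $target): string
{
    $hash = hash_hmac('sha256', $target, JUMPURL_SECRET);
    return '/index.php?jumpurl=' . rawurlencode($target) . '&juHash=' . $hash;
}

// Hardened form, step 2: redirect only if the hash recomputed from the submitted
// URL matches; a swapped target or a link generated before the fix is refused.
function handle_jump_hardened(array $get): ?string
{
    if (!isset($get['jumpurl'], $get['juHash'])) {
        return null;
    }
    $target = (string)$get['jumpurl'];
    $expected = hash_hmac('sha256', $target, JUMPURL_SECRET);
    if (!hash_equals($expected, (string)$get['juHash'])) {
        return null; // forged or stale link: no redirect, log it as a detection signal
    }
    return $target;
}

// Constructed demonstration input.
$link = build_jump_link('https://example.org/partner');
parse_str((string)parse_url($link, PHP_URL_QUERY), $params);
// The generated link passes the check.
var_dump(handle_jump_hardened($params));
// Same hash, different target: the hardened handler refuses, the old one redirects.
$forged = ['jumpurl' => 'https://attacker.example/', 'juHash' => $params['juHash']];
var_dump(handle_jump_hardened($forged));
var_dump(handle_jump_vulnerable($forged));
```

The HMAC binds the hash to the target only, so a legitimate link may still be shared and replayed, which is the intended behaviour of the feature; what it removes is the ability to redirect to a URL the site never generated.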