Your message dated Sun, 10 Oct 2010 13:33:05 +0000
with message-id <[email protected]>
and subject line Bug#599334: fixed in typo3-src 4.3.7-1
has caused the Debian Bug report #599334,
regarding TYPO3 Security Bulletin TYPO3-SA-2010-020: Multiple vulnerabilities 
in TYPO3 Core
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
599334: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599334
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: typo3-src
Severity: critical
Tags: security


Affected Versions: 4.2.14 and below, 4.3.6 and below, 4.4.3 and below
Vulnerability Types: Remote File Disclosure, Cross-Site Scripting (XSS),
Privilege Escalation, Denial of Service



Vulnerable subcomponent #1: Access tracking mechanism

Vulnerability Type: Remote File Disclosure
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: A Remote File Disclosure vulnerability in the
jumpUrl mechanism, used to track access on web pages and provided files,
allows a remote attacker to read arbitrary files on a host. Because of a
non-typesafe comparison between the submitted and the calculated hash,
it is possible to spoof a hash value to bypass the access control.
There's no authentication required to exploit this vulnerability. The
vulnerability allows reading any file the web server user account has
access to.



Vulnerable subcomponent #2: Backend

Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to sanitize user input, the TYPO3 backend
is susceptible to XSS attacks in several places. A valid backend login
is required to exploit these vulnerabilities.


Vulnerability Type: Remote File Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:C/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to properly validate user input, the
Extension Manager is susceptible to Remote File Disclosure. By forging a
special request parameter it is possible to view (and edit under special
conditions) the contents of every file the webserver has access to. A
valid admin user login is required to exploit this vulnerability.


Vulnerability Type: Privilege Escalation
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to properly validate user input, the
sys_action task "be_user_creation" is susceptible to Privilege
Escalation. By forging a POST request, an editor with the rights to
create users in the taskcenter can create users that are members of
arbitrary usergroups and thereby probably elevate her privileges.



Vulnerable subcomponent #3: Validation/Filtering API

Vulnerability Type: Denial of Service
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Problem Description: Because of a PHP crash in the filter_var() function
when passing large strings to it, TYPO3 is susceptible to a Denial of
Service attack in every place the API function t3lib_div::validEmail()
is used.


Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: The normalisation feature of the RemoveXSS function
was incomplete, allowing an attacker to inject arbitrary JavaScript code.


-- 
 Kind regards, Christian Welzel

  GPG-Key:     http://www.camlann.de/de/pgpkey.html
  Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15



--- End Message ---
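Editor's note on subcomponent #1: the bulletin says the jumpUrl hash check fails because of a "non-typesafe comparison", but does not spell out how the hash is spoofed. The script below is an illustration added here; it is not TYPO3 code and not from the bug report. It models a hash-protected file parameter of the kind the advisory describes, with an assumed HMAC-derived 10-character token, an assumed secret and assumed path names, and shows the generic bypass that PHP's loose == comparison permits: any computed token of the form 0e<digits> is a numeric string equal to 0, so the bare string "0" passes the check. The same script shows the type-safe comparison that closes the hole.

```php
<?php
declare(strict_types=1);

// Constructed illustration added by the editor; this is not TYPO3 code and
// the parameter names, token format and secret are assumptions. It models a
// hash-protected file parameter like the jumpUrl one in the advisory and
// shows why a loose (==) comparison of a submitted hash against a computed
// one can be spoofed, next to the type-safe check that fixes it.

const SECRET = 'constructed-secret-for-the-example-only';

// Hypothetical access token: first 10 hex characters of an HMAC over the
// requested path (short truncated tokens like this are common in URLs).
function computeToken(string $path): string
{
    return substr(hash_hmac('sha256', $path, SECRET), 0, 10);
}

// VULNERABLE: == compares two numeric-looking strings as numbers. Any
// computed token of the form "0e<digits>" evaluates to 0.0, so submitting
// the string "0" passes the check without knowing the secret.
function tokenMatchesLoose(string $submitted, string $computed): bool
{
    return $submitted == $computed;
}

// FIXED: hash_equals() compares byte for byte (and in constant time), so
// only the exact token string is accepted. On PHP older than 5.6 a strict
// === comparison removes the type-juggling bypass (but is not constant-time).
function tokenMatchesStrict(string $submitted, string $computed): bool
{
    return hash_equals($computed, $submitted);
}

// Search constructed paths until one yields a token matching /^0e\d+$/.
// With a 10-hex-char token roughly one path in ten thousand does. A real
// attacker does not know the secret; they simply repeat the request with
// varied paths and the spoofed value "0" until the server serves a file.
// The secret is used here only to find such a path quickly for the demo.
function findMagicPath(string $prefix, int $limit = 200000): ?string
{
    for ($i = 0; $i < $limit; $i++) {
        $path = sprintf('%s%d.pdf', $prefix, $i);
        if (preg_match('/^0e\d+$/', computeToken($path)) === 1) {
            return $path;
        }
    }
    return null;
}

$path = findMagicPath('fileadmin/report-');   // assumed path prefix
if ($path === null) {
    fwrite(STDERR, "no magic token found within the search limit\n");
    exit(1);
}

$computed  = computeToken($path);
$submitted = '0';   // the spoofed value an attacker sends instead of the token

printf("path: %s\ncomputed token: %s\nsubmitted: %s\n", $path, $computed, $submitted);
printf("loose  (==)          accepts spoofed token: %s\n",
    tokenMatchesLoose($submitted, $computed) ? 'yes' : 'no');
printf("strict (hash_equals) accepts spoofed token: %s\n",
    tokenMatchesStrict($submitted, $computed) ? 'yes' : 'no');
```

Run it with `php` on any 7.x or 8.x interpreter: the loose check accepts the spoofed "0" for the magic path, the strict check rejects it. The practitioner's check when auditing a PHP code base for this class of bug is to grep for `==` and `!=` on anything named hash, token, signature or hmac and replace them with hash_equals() (or at least ===); the loose form stays exploitable on current PHP because two numeric strings are still compared numerically.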
--- Begin Message ---
Source: typo3-src
Source-Version: 4.3.7-1

We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:

typo3-database_4.3.7-1_all.deb
  to main/t/typo3-src/typo3-database_4.3.7-1_all.deb
typo3-src-4.3_4.3.7-1_all.deb
  to main/t/typo3-src/typo3-src-4.3_4.3.7-1_all.deb
typo3-src_4.3.7-1.debian.tar.gz
  to main/t/typo3-src/typo3-src_4.3.7-1.debian.tar.gz
typo3-src_4.3.7-1.dsc
  to main/t/typo3-src/typo3-src_4.3.7-1.dsc
typo3-src_4.3.7.orig.tar.gz
  to main/t/typo3-src/typo3-src_4.3.7.orig.tar.gz
typo3_4.3.7-1_all.deb
  to main/t/typo3-src/typo3_4.3.7-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Welzel <[email protected]> (supplier of updated typo3-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 08 Oct 2010 22:00:00 +0200
Source: typo3-src
Binary: typo3-src-4.3 typo3-database typo3
Architecture: source all
Version: 4.3.7-1
Distribution: unstable
Urgency: high
Maintainer: Christian Welzel <[email protected]>
Changed-By: Christian Welzel <[email protected]>
Description: 
 typo3      - The enterprise level open source WebCMS (Meta)
 typo3-database - TYPO3 - The enterprise level open source WebCMS (Database)
 typo3-src-4.3 - TYPO3 - The enterprise level open source WebCMS (Core)
Closes: 599334
Changes: 
 typo3-src (4.3.7-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes: "TYPO3 Security Bulletin TYPO3-SA-2010-020: Multiple
       vulnerabilities in TYPO3 Core" (Closes: 599334)
   * raised standards version to 3.9.1
Checksums-Sha1: 
 f12d0917a2af28f43a06c52ddd3a8e2adb505843 1021 typo3-src_4.3.7-1.dsc
 c300dca1bda535c3165917814feadd4959c86b89 11501611 typo3-src_4.3.7.orig.tar.gz
 09d6ca575d3277e03c8e7fc9235432543c5d1bba 113351 typo3-src_4.3.7-1.debian.tar.gz
 fc726c069376b033874daee45334a9cc1f645335 11263912 typo3-src-4.3_4.3.7-1_all.deb
 4c46206d118f64700a063f61b475c06a657533c1 200344 typo3-database_4.3.7-1_all.deb
 6beaa2a04463bd903e5baa2a233facb3d42b998b 1248 typo3_4.3.7-1_all.deb
Checksums-Sha256: 
 dee99c75d8ddaf95c01fd1b7c57a97075a738e366be70b050d07ffbc84b5ae23 1021 typo3-src_4.3.7-1.dsc
 4ce66a5f4c45765eeb972fad0b5e2c45d76d1f4c7325a463f438797ca43baf8a 11501611 typo3-src_4.3.7.orig.tar.gz
 a1e3c8117f11c07b5429454d7c7dab75a83e7e5f401bd62a509f2624e7a120a6 113351 typo3-src_4.3.7-1.debian.tar.gz
 8d1a942e1a8beda65a103df4a6d6cf4b984485b26ba62e25d640b98311cdf74a 11263912 typo3-src-4.3_4.3.7-1_all.deb
 31587fdb21633c1b25af879a0e594a3f84bd61e344f57df434fad165baea63ef 200344 typo3-database_4.3.7-1_all.deb
 0eeafd5d2f21170e0dc234056aecc9501ff61f3e4fe34fc67a13b1e654d51359 1248 typo3_4.3.7-1_all.deb
Files: 
 6634c94af7a58dceb9c3e3fa6e90f9d2 1021 web optional typo3-src_4.3.7-1.dsc
 86ba73e7dc48fccb3400b61e55b0446e 11501611 web optional typo3-src_4.3.7.orig.tar.gz
 8adc9f297f22d2d9deb6e6fb0e998a55 113351 web optional typo3-src_4.3.7-1.debian.tar.gz
 b08cf8a75dca4344b0bffb6367a1007f 11263912 web optional typo3-src-4.3_4.3.7-1_all.deb
 dd1569fe75d3e5e647eec96b01d47452 200344 web optional typo3-database_4.3.7-1_all.deb
 df0efb78092b837f1fdc855b98a195aa 1248 web optional typo3_4.3.7-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMsbzEUHLQNqxYNSARAl99AKCR8Nk27i2yNZU/93RkMorVJaZI5wCfYnmO
E5v6/NczN4Sqz1K4iwwInNw=
=7SjU
-----END PGP SIGNATURE-----



--- End Message ---
