Your message dated Wed, 20 Oct 2010 14:32:24 +0000
with message-id <[email protected]>
and subject line Bug#599334: fixed in typo3-src 4.2.5-1+lenny6
has caused the Debian Bug report #599334,
regarding TYPO3 Security Bulletin TYPO3-SA-2010-020: Multiple vulnerabilities
in TYPO3 Core
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
599334: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599334
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: typo3-src
Severity: critical
Tags: security
Affected Versions: 4.2.14 and below, 4.3.6 and below, 4.4.3 and below
Vulnerability Types: Remote File Disclosure, Cross-Site Scripting (XSS),
Privilege Escalation, Denial of Service
Vulnerable subcomponent #1: Access tracking mechanism
Vulnerability Type: Remote File Disclosure
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: A Remote File Disclosure vulnerability in the
jumpUrl mechanism, used to track access on web pages and provided files,
allows a remote attacker to read arbitrary files on a host. Because of a
non-typesafe comparison between the submitted and the calculated hash,
it is possible to spoof a hash value to bypass the access control.
There's no authentication required to exploit this vulnerability. The
vulnerability allows reading any file the web server user account has
access to.
Vulnerable subcomponent #2: Backend
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to sanitize user input, the TYPO3 backend
is susceptible to XSS attacks in several places. A valid backend login
is required to exploit these vulnerabilities.
Vulnerability Type: Remote File Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:C/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to properly validate user input, the
Extension Manager is susceptible to Remote File Disclosure. By forging a
special request parameter it is possible to view (and edit under special
conditions) the contents of every file the webserver has access to. A
valid admin user login is required to exploit this vulnerability.
Vulnerability Type: Privilege Escalation
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Failing to properly validate user input, the
sys_action task "be_user_creation" is susceptible to Privilege
Escalation. By forging a POST request, an editor with the rights to
create users in the taskcenter can create users which are members of
arbitrary usergroups and thereby probably elevate her privileges.
Vulnerable subcomponent #3: Validation/Filtering API
Vulnerability Type: Denial of Service
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Problem Description: Because of a PHP crash in the filter_var() function
when passing large strings to it, TYPO3 is susceptible to a Denial of
Service attack in every place the API function t3lib_div::validEmail()
is used.
Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: The normalisation feature of the RemoveXSS function
was incomplete, allowing an attacker to inject arbitrary JavaScript code.
--
MfG, Christian Welzel
GPG-Key: http://www.camlann.de/de/pgpkey.html
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
--- End Message ---
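The "non-typesafe comparison" behind the jumpUrl file disclosure above, shown as an added PHP illustration (this is not TYPO3's code; the hash value is constructed to look like a float in scientific notation, and the function names are hypothetical):

```php
<?php
// Added example, not TYPO3 code: how a loose (==) hash comparison can be
// satisfied by a spoofed value, and the strict comparison that closes the gap.

// Constructed value for illustration, not a real md5/sha1 output. Any hash
// whose hex digits happen to have the shape "0e<digits>" is a numeric
// string in PHP and evaluates to 0.0 when compared numerically.
const CALCULATED_HASH = '0e1234567890123456789012345678901';

// Vulnerable pattern: when both operands are numeric strings, == compares
// them as numbers, so '0e...' (0.0) equals '0' (0.0) and the check passes
// even though the attacker never knew the real hash.
function checkLoose(string $calculated, string $submitted): bool
{
    return $calculated == $submitted;
}

// Hardened pattern: hash_equals() (PHP >= 5.6) compares byte for byte, in
// constant time, and never coerces types. A plain === comparison would also
// avoid the type juggling (without the timing-safe property).
function checkStrict(string $calculated, string $submitted): bool
{
    return hash_equals($calculated, $submitted);
}

// Constructed submitted values: two spoofs and the genuine hash.
$submittedValues = ['0', '0e999', CALCULATED_HASH];

foreach ($submittedValues as $submitted) {
    printf(
        "submitted=%-34s loose=%-5s strict=%s\n",
        $submitted,
        checkLoose(CALCULATED_HASH, $submitted) ? 'true' : 'false',
        checkStrict(CALCULATED_HASH, $submitted) ? 'true' : 'false'
    );
}
```

Running it shows the loose check accepting all three values while the strict check accepts only the genuine hash; the same reasoning applies to any secret token that is compared with == rather than hash_equals() or ===.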
--- Begin Message ---
Source: typo3-src
Source-Version: 4.2.5-1+lenny6
We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:
typo3-src-4.2_4.2.5-1+lenny6_all.deb
to main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny6_all.deb
typo3-src_4.2.5-1+lenny6.diff.gz
to main/t/typo3-src/typo3-src_4.2.5-1+lenny6.diff.gz
typo3-src_4.2.5-1+lenny6.dsc
to main/t/typo3-src/typo3-src_4.2.5-1+lenny6.dsc
typo3_4.2.5-1+lenny6_all.deb
to main/t/typo3-src/typo3_4.2.5-1+lenny6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Welzel <[email protected]> (supplier of updated typo3-src package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 08 Oct 2010 22:00:00 +0200
Source: typo3-src
Binary: typo3 typo3-src-4.2
Architecture: source all
Version: 4.2.5-1+lenny6
Distribution: stable-security
Urgency: high
Maintainer: Christian Welzel <[email protected]>
Changed-By: Christian Welzel <[email protected]>
Description:
typo3 - Powerful content management framework (Meta package)
typo3-src-4.2 - Powerful content management framework (Core)
Closes: 599334
Changes:
typo3-src (4.2.5-1+lenny6) stable-security; urgency=high
.
* Security patch from new upstream release 4.2.15:
- fixes: "TYPO3 Security Bulletin TYPO3-SA-2010-020: Multiple
vulnerabilities in TYPO3 Core" (Closes: 599334)
--- End Message ---