Debian Security Advisory

DSA-2121-1 typo3-src -- several vulnerabilities

Date Reported:
19 Oct 2010
Affected Packages:
typo3-src
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2010-3714, CVE-2010-3715, CVE-2010-3716, CVE-2010-3717.
More information:

Several remote vulnerabilities have been discovered in TYPO3. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2010-3714

    Multiple remote file disclosure vulnerabilities in the jumpUrl mechanism and the Extension Manager allowed attackers to read files with the privileges of the account under which the web server was running.

  • CVE-2010-3715

    The TYPO3 backend contained several cross-site scripting vulnerabilities, and the RemoveXSS function did not filter all Javascript code.

  • CVE-2010-3716

    Malicious editors with user creation permission could escalate their privileges by creating new users in arbitrary groups, due to lack of input validation in the taskcenter.

  • CVE-2010-3717

    TYPO3 exposed a crasher bug in the PHP filter_var function, enabling attackers to cause the web server process to crash and thus consume additional system resources.

For the stable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny6.

For the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 4.3.7-1.

We recommend that you upgrade your TYPO3 packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny6.dsc
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny6.diff.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny6_all.deb
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny6_all.deb

MD5 checksums of the listed files are available in the original advisory.