Debian Security Advisory
DSA-2537-1 typo3-src -- several vulnerabilities
- Date Reported: 30 Aug 2012
- Affected Packages: typo3-src
- Security database references: In Mitre's CVE dictionary: CVE-2012-3527, CVE-2012-3528, CVE-2012-3529, CVE-2012-3530, CVE-2012-3531.
- More information:
Several vulnerabilities were discovered in TYPO3, a content management system.
An insecure call to unserialize in the help system enables arbitrary code execution by authenticated users.
The TYPO3 backend contains several cross-site scripting vulnerabilities.
Authenticated users who can access the configuration module can obtain the encryption key, allowing them to escalate their privileges.
For the stable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze5.
For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 4.5.19+dfsg1-1.
We recommend that you upgrade your typo3-src packages.