Summary
Several vulnerabilities were discovered in TYPO3, a PHP-based content management system.
CVE-2013-1842
Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model.
This can lead to SQL injection by a malicious user supplying crafted relation values.
CVE-2013-1843
Missing user input validation in the access tracking mechanism could lead to arbitrary URL redirection.
Note: the fix will break already published links; upstream advisory TYPO3-CORE-SA-2013-001 has more information on how to mitigate that.
Solution
For the stable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze8.
For the testing distribution (wheezy), these problems have been fixed in version 4.5.19+dfsg1-5.
For the unstable distribution (sid), these problems have been fixed in version 4.5.19+dfsg1-5.
We recommend that you upgrade your typo3-src packages.
Insight
TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets. It offers full flexibility and extendability while featuring an accomplished set of ready-made interfaces, functions and modules.
Affected
typo3-src on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
CVE-2013-1842, CVE-2013-1843
Updated on 2015-03-25
Severity
CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)