Summary
Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004 .
Solution
For the oldstable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze9.
For the stable distribution (wheezy), these problems have been fixed in version 4.5.19+dfsg1-5+wheezy2.
For the testing distribution (jessie), these problems have been fixed in version 4.5.32+dfsg1-1.
For the unstable distribution (sid), these problems have been fixed in version 4.5.32+dfsg1-1.
We recommend that you upgrade your typo3-src packages.
Insight
TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets. It offers full flexibility and extendability while featuring an accomplished set of ready-made interfaces, functions and modules.
Affected
typo3-src on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-7073, CVE-2013-7074, CVE-2013-7075, CVE-2013-7076, CVE-2013-7078, CVE-2013-7079, CVE-2013-7080, CVE-2013-7081 -
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities