-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2098-1 security@xxxxxxxxxx http://www.debian.org/security/ Thijs Kinkhorst August 29, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : typo3-src Vulnerability : several Problem type : local/remote Debian-specific: no CVE Id(s) : not yet available Debian Bug : 590719 Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site Scripting, open redirection, SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. More details can be found in the Typo3 security advisory: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-012/ For the stable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny4. The testing distribution (squeeze) will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 4.3.5-1. We recommend that you upgrade your typo3-src package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz Size/MD5 checksum: 8144727 75b2e5db6ac586fb6176f329be452159 http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny4.dsc Size/MD5 checksum: 1008 018342ba199d8f866382b6791a617831 http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny4.diff.gz Size/MD5 checksum: 146540 9a2b90a47fd6373863cf43cecbbb53ee Architecture independent packages: http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny4_all.deb Size/MD5 checksum: 133958 4ec08c57f0dc4abb1681e98f403d81de http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny4_all.deb Size/MD5 checksum: 8192390 88cd8939bd4d1c5aad5aa0aa986f8855 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJMejdSAAoJEOxfUAG2iX57ByoIANXvUUdcMHPF9QFI4zh2SIgB 8UgtKj1mtDpNiyj6nAtJKx7wT97OclsG9mbvkuEM6t1gwjoZL6P03+fXj2C+EmA+ xVrzmUsQQDnLN27PFTVc6xepCrs5Bxwi1pBft/8LjwVauCMCC/1hzgKHrAIhWi2M RKi9e59Dob13OiWZ3bgtXgTCAFm7dHUuE1QmQqm5sEAmKXsyiliGUloE7ipMqEBa WuR5/Za0tAN8FRV/5prmKxDPUna5ikI4afk+v4dardzkcGLWtGdHjLFRZ33pvcFk b3BEL1Tw1UK4LeIyF6yMYSBjMCANRZL5mE0xEfXcghiGtEFZeTsCXUWPXZ9OjaM= =EiZM -----END PGP SIGNATURE-----
