Your message dated Sun, 17 Mar 2013 11:02:45 +0000
with message-id <e1uhbmt-00083c...@franck.debian.org>
and subject line Bug#702574: fixed in typo3-src 4.3.9+dfsg1-1+squeeze8
has caused the Debian Bug report #702574,
regarding TYPO3-CORE-SA-2013-001: SQL Injection and Open Redirection in TYPO3 Core (CVE-2013-1842, CVE-2013-1843)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
702574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702574
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: typo3-src
Severity: critical
Tags: security

It has been discovered that TYPO3 Core is susceptible to SQL Injection
and Open Redirection.

Component Type: TYPO3 Core

Affected Versions: 4.5.0 up to 4.5.23, 4.6.0 up to 4.6.16, 4.7.0 up to
4.7.8 and 6.0.0 up to 6.0.2
Vulnerability Types: SQL Injection, Open Redirection
Overall Severity: High
Release Date: March 6, 2013
Vulnerable subcomponent: Extbase Framework
Vulnerability Type: SQL Injection
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:C/I:C/A:N/E:H/RL:O/RC:C

Problem Description: Failing to sanitize user input, the Extbase
database abstraction layer is susceptible to SQL Injection. TYPO3 sites
which have no Extbase extensions installed are not affected. Extbase
extensions are affected if they use the Query Object Model and relation
values are user generated input (e.g.
$query->contains('model.categories', $userProvidedValue)).

Note: It has been reported to the TYPO3 Security Team that this problem
is known and exploited in the wild.
Vulnerable subcomponent: Access tracking mechanism
Vulnerability Type: Open Redirection
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:O/RC:C

Problem Description: Failing to validate user provided input, the access
tracking mechanism allows redirects to arbitrary URLs.

Important Notes: To fix this vulnerability, we had to break existing
behaviour of TYPO3 sites that use the access tracking mechanism (jumpurl
feature) to transform links to external sites. The link generation has
been changed to include a hash that is checked before redirecting to an
external URL. This means that old links that have been distributed (e.g.
by a newsletter) will not work any more. If you are using the jumpurl
feature, you need to do the following: look up more information at
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/

-- 
 MfG, Christian Welzel

  GPG-Key:     http://www.camlann.de/de/pgpkey.html
  Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15

--- End Message ---
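The hash-checked jumpurl mechanism described in the report above, as an added example that is neither TYPO3's code nor part of the original message: a Python sketch in which link generation appends an HMAC over the exact external target (computed with a server-side site secret) and the redirect handler refuses any request whose hash is missing or does not match. The parameter name juHash, the base URL and the secret are assumptions; the example also shows why a link distributed before the change, which carries no hash, stops working.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import urlencode, parse_qs, urlparse

# Constructed site secret (assumption: one per installation, kept server-side).
SITE_SECRET = b"constructed-site-secret-replace-me"


def jumpurl_hash(target: str, secret: bytes = SITE_SECRET) -> str:
    """HMAC-SHA256 over the exact external URL; only the server can produce it."""
    return hmac.new(secret, target.encode("utf-8"), hashlib.sha256).hexdigest()


def build_jumpurl(target: str, base: str = "https://cms.example/index.php") -> str:
    """Link generation after the fix: the tracking link carries the hash.
    The parameter name juHash is an assumption, not taken from the advisory."""
    return base + "?" + urlencode({"jumpurl": target, "juHash": jumpurl_hash(target)})


def resolve_jumpurl(request_url: str) -> Optional[str]:
    """Redirect handler after the fix: return the target only when a hash is
    present and matches the target; otherwise refuse (None means no redirect)."""
    params = parse_qs(urlparse(request_url).query)
    target = params.get("jumpurl", [None])[0]
    given = params.get("juHash", [None])[0]
    if target is None or given is None:
        return None  # legacy link without hash: no longer honoured
    if not hmac.compare_digest(given, jumpurl_hash(target)):
        return None  # destination swapped after the link was generated
    return target


if __name__ == "__main__":
    good = build_jumpurl("https://partner.example/offer")
    print("signed link   ->", resolve_jumpurl(good))
    # Constructed link from an old newsletter, distributed before the hash existed.
    legacy = "https://cms.example/index.php?jumpurl=https%3A%2F%2Fpartner.example%2Foffer"
    print("legacy link   ->", resolve_jumpurl(legacy))
    # The signed link with its destination replaced but the original hash kept.
    print("tampered link ->", resolve_jumpurl(good.replace("partner.example", "other.example")))
```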
--- Begin Message ---
Source: typo3-src
Source-Version: 4.3.9+dfsg1-1+squeeze8

We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 702...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Welzel <gaw...@camlann.de> (supplier of updated typo3-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


Format: 1.8
Date: Sat, 09 Mar 2013 21:40:09 +0100
Source: typo3-src
Binary: typo3-src-4.3 typo3-database typo3
Architecture: source all
Version: 4.3.9+dfsg1-1+squeeze8
Distribution: squeeze-security
Urgency: high
Maintainer: Christian Welzel <gaw...@camlann.de>
Changed-By: Christian Welzel <gaw...@camlann.de>
Description: 
 typo3      - The enterprise level open source WebCMS (Meta)
 typo3-database - TYPO3 - The enterprise level open source WebCMS (Database)
 typo3-src-4.3 - TYPO3 - The enterprise level open source WebCMS (Core)
Closes: 702574
Changes: 
 typo3-src (4.3.9+dfsg1-1+squeeze8) squeeze-security; urgency=high
 .
   * Security patch backported from new upstream release 4.5.24 and 4.5.25:
     - fixes: "TYPO3 Security Bulletin TYPO3-CORE-SA-2013-001:
       Several Vulnerabilities in TYPO3 Core" (Closes: 702574)
     - fixes CVE-2013-1842 (SQL injection) and CVE-2013-1843 (Open redirection)

--- End Message ---