Mailinglist Archive: opensuse-updates (53 mails)

openSUSE-SU-2014:0813-1: moderate: typo3-cms-4_5: Update to 4.5.34 to fix eight security issues
openSUSE Security Update: typo3-cms-4_5: Update to 4.5.34 to fix eight
security issues

Announcement ID: openSUSE-SU-2014:0813-1
Rating: moderate
References: #881280 #881281 #881282
Cross-References: CVE-2014-3941 CVE-2014-3942 CVE-2014-3943

Affected Products:
openSUSE 13.1
openSUSE 12.3

An update that fixes three vulnerabilities is now available.


typo3-cms-4_5 was updated to version 4.5.34 to fix eight security
vulnerabilities and several other bugs.

These security problems were fixed:
* Add trusted HTTP_HOST configuration (CVE-2014-3941)
* XSS in (old) extension manager information function (CVE-2014-3943)
* XSS in new content element wizard (CVE-2014-3943)
* XSS in template tools on root page (CVE-2014-3943)
* XSS in Backend Layout Wizard (CVE-2014-3943)
* Encode URL for use in JavaScript (CVE-2014-3943)
* Fix insecure unserialize in colorpicker (CVE-2014-3942)
* Remove charts.swf to get rid of XSS vulnerability (CVE-2014-3943)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-429

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-429

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.1 (noarch):


- openSUSE 12.3 (noarch):


