Mailinglist Archive: opensuse-updates (53 mails)

openSUSE-SU-2014:0813-1: moderate: typo3-cms-4_5: Update to 4.5.34 to fix eight security issues
openSUSE Security Update: typo3-cms-4_5: Update to 4.5.34 to fix eight
security issues
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0813-1
Rating: moderate
References: #881280 #881281 #881282
Cross-References: CVE-2014-3941 CVE-2014-3942 CVE-2014-3943

Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

typo3-cms-4_5 was updated to version 4.5.34 to fix eight security
vulnerabilities and several other bugs.

These security problems were fixed:
* Add trusted HTTP_HOST configuration (CVE-2014-3941)
* XSS in (old) extension manager information function (CVE-2014-3943)
* XSS in new content element wizard (CVE-2014-3943)
* XSS in template tools on root page (CVE-2014-3943)
* XSS in Backend Layout Wizard (CVE-2014-3943)
* Encode URL for use in JavaScript (CVE-2014-3943)
* Fix insecure unserialize in colorpicker (CVE-2014-3942)
* Remove charts.swf to get rid of XSS vulnerability (CVE-2014-3943)


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-429

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-429

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (noarch):

typo3-cms-4_5-4.5.34-2.4.1

- openSUSE 12.3 (noarch):

typo3-cms-4_5-4.5.34-2.8.1


References:

http://support.novell.com/security/cve/CVE-2014-3941.html
http://support.novell.com/security/cve/CVE-2014-3942.html
http://support.novell.com/security/cve/CVE-2014-3943.html
https://bugzilla.novell.com/881280
https://bugzilla.novell.com/881281
https://bugzilla.novell.com/881282

