Description
Security update for typo3-cms-4_7
This update for typo3-cms-4_7 fixes the following issues:
- CVE-2014-3941: Multiple vulnerabilities (TYPO3-CORE-SA-2014-001)
- CVE-2013-4701: Multiple vulnerabilities (TYPO3-CORE-SA-2014-002)
- CVE-2013-7073: Multiple vulnerabilities (TYPO3-CORE-SA-2013-004)
- other security fixes, e.g. preventing XSS attacks.
The package was updated to the last upstream version, 4.7.20 (discontinued).
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:2114-1
- SUSE Security Ratings
Description
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Affected products
References
- CVE-2013-4701
- SUSE Bug 1082714
Description
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
Affected products
References
- CVE-2013-7073
- SUSE Bug 1082714
Description
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
Affected products
References
- CVE-2014-3941
- SUSE Bug 1082714
- SUSE Bug 881282