Description
Security update for typo3-cms-4_5
This update for typo3-cms-4_5 fixes the following issues:
- CVE-2015-2047: Authentication Bypass (TYPO3-CORE-SA-2015-001)
- CVE-2014-9508: Link spoofing and cache poisoning (TYPO3-CORE-SA-2014-003)
- TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities
- CVE-2013-7073: Multiple vulnerabilities (TYPO3-CORE-SA-2013-004)
This update contains the last upstream release 4.5.40, LTS discontinued since 04.2015.
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:2169-1
- SUSE Security Ratings
Description
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
Affected products
References
- CVE-2013-7073
- SUSE Bug 1082714
Description
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
Affected products
References
- CVE-2014-9508
Description
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is cast to an empty value.
Affected products
References
- CVE-2015-2047
- SUSE Bug 919006