TITLE:
Debian update for typo3-src

SECUNIA ADVISORY ID:
SA33679

VERIFY ADVISORY:
http://secunia.com/advisories/33679/

CRITICAL:
Highly critical

IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, System access

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/advisories/product/13844/
Debian GNU/Linux unstable alias sid
http://secunia.com/advisories/product/530/

DESCRIPTION:
Debian has issued an update for typo3-src. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system.

For more information:
SA33617

SOLUTION:
Apply updated packages and regenerate the encryption key.
-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian.orig.tar.gz
Size/MD5 checksum: 7683527 be509391b0e4d24278c14100c09dc673
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-7.diff.gz
Size/MD5 checksum: 23596 344f6b5ada56d361e274556d6d7eaf99
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-7.dsc
Size/MD5 checksum: 610 6b99cc9acd82ec6010a38006910169c9

Architecture independent packages:

http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.0.2+debian-7_all.deb
Size/MD5 checksum: 76924 33b4077e99038121aa5667a3a166d99e
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.0_4.0.2+debian-7_all.deb
Size/MD5 checksum: 7691182 f5c8ecbf93c7af50b29b5ded8f455b75

-- Debian GNU/Linux unstable alias sid --

Fixed in version 4.2.5-1.

ORIGINAL ADVISORY:
DSA-1711-1:
http://lists.debian.org/debian-security-announce/2009/msg00019.html

OTHER REFERENCES:
SA33617:
http://secunia.com/advisories/33617/