[TYPO3-UG Russia] Fwd: [TYPO3-announce] Vulnerabilities in multiple third party TYPO3 CMS extensions

Dmitry Dulepov dmitry.dulepov at gmail.com
Tue Feb 18 08:30:33 CET 2014


And when has it ever been a good one? :)

Michael Shigorin wrote:
> 	Hello.
> Hmm, that's a nasty little list.
>
> mm_forum: Arbitrary Code Execution ...
> tt_news: Insecure Unserialize
> femanager: Privilege Escalation
>
> ----- Forwarded message from TYPO3 Security Team<security at typo3.org>  -----
>
> Date: Wed, 12 Feb 2014 12:27:07 +0100
> From: TYPO3 Security Team<security at typo3.org>
> To: "TYPO3 Announcement List, readonly"<typo3-announce at lists.typo3.org>
> Subject: [TYPO3-announce] Vulnerabilities in multiple third party TYPO3 CMS
> 	extensions
> X-Mailer: Apple Mail (2.1827)
>
> Dear TYPO3 users,
>
> Several vulnerabilities have been found in the following third party TYPO3
> extensions:
>
> mm_forum (mm_forum)
> News (tt_news)
> Direct Mail Subscription (direct_mail_subscription)
> Yet Another Gallery (yag)
> Tools for Extbase development (pt_extbase)
>
> Alphabetic Sitemap (alpha_sitemap)
> femanager (femanager)
> Statistics (ke_stats)
> External links click statistics (outstats)
> TYPO3 Security / Intrusion Detection System (px_phpids)
> smarty (smarty)
> WEC Map (wec_map)
>
>
> For further information on the issue in the extension mm_forum (mm_forum), please read the related advisory TYPO3-EXT-SA-2014-001 that was published today: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/
>
> For further information on the issue in the extension News (tt_news), please read the related advisory TYPO3-EXT-SA-2014-003 that was published today: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-003/
>
> For further information on the issue in the extension Direct Mail Subscription (direct_mail_subscription), please read the related advisory TYPO3-EXT-SA-2014-004 that was published today: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-004/
>
> For further information on the issue in the extensions Yet Another Gallery (yag) and Tools for Extbase development (pt_extbase), please read the related advisory TYPO3-EXT-SA-2014-005 that was published today: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/
>
>
> The Collective Security Bulletin TYPO3-EXT-SA-2014-002 for the remaining extensions was also published today: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/
>
>
>
> In general the TYPO3 Security Team recommends reading the following pages:
>
> The TYPO3 Security Guide:
> http://docs.typo3.org/typo3cms/SecurityGuide/
>
> Make sure you are subscribed to the TYPO3 Announce List:
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
>
> See all TYPO3 security advisories:
> http://typo3.org/teams/security/security-bulletins/
>
>
>
> Regards,
>
> Helmut Hummel
> Leader of the TYPO3 Security Team
>
> --
> TYPO3 Security Team homepage: http://typo3.org/teams/security/
>
> E-Mail: security at typo3.org
>
> _______________________________________________
> TYPO3-announce mailing list
> TYPO3-announce at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
>
> ----- End forwarded message -----
>

-- 
Dmitry Dulepov

Today is a good day to have a good day.

