[TYPO3-UG Dutch] security issues
dick hoogendijk
dick at nagual.nl
Sat Jan 24 19:55:30 CET 2009
Ik wil eigenlijk gewoon weten of ik voor een langer bestaande TYPO3
site ook een nieuwe encryption key moet maken, zoals vermeld in het
onderstaande fragment uit het security bulletin.
Vulnerable subcomponent #1: System extension Install tool (install)
Vulnerability Types: Insecure Randomness
Severity: High
Problem Description: TYPO3-wide used encryption key is created with an
insufficiently random seed which results in a low entropy.
Solution: Update to the TYPO3 versions 4.0.10, 4.1.8 or 4.2.4 that fix
the problem described.
You will need to create a new encryption key! Therefore upgrade to the
new TYPO3 version, clear the configuration cache, open the install tool
and choose menu 1 ("Basic Configuration"). Scroll to the bottom of the
page and click on the button "Generate random key". Submit the form by
clicking on "Update localconf.php".
Afterwards, clear the configuration and page cache again!
--
Dick Hoogendijk -- PGP/GnuPG key: 01D2433D
+ http://nagual.nl/ | SunOS sxce snv105 ++
+ All that's really worth doing is what we do for others (Lewis Carrol)
More information about the TYPO3-UG-dutch
mailing list