[TYPO3-announce] Remote Code Execution and Denial of Service Vulnerabilities found in TYPO3 Core
TYPO3 Security Team
security at typo3.org
Wed Oct 22 10:53:46 CEST 2014
Dear TYPO3 users!
It has been discovered that TYPO3 Core had Remote Code Execution and Denial of Service Vulnerabilities.
Only TYPO3 installations with openid extension enabled or "sendmail" transport mail configuration (both not enabled by default) are affected.
For more details on the issues please read the accordant advisory:
TYPO3 Security Bulletin TYPO3-CORE-SA-2014-002: TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Guide:
http://docs.typo3.org/typo3cms/SecurityGuide/
See all TYPO3 security advisories:
http://typo3.org/teams/security/security-bulletins/
Regards,
Helmut Hummel
Member of the TYPO3 Security Team
_______________________________________________
TYPO3-announce mailing list
TYPO3-announce at lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
More information about the TYPO3-announce
mailing list