openSUSE Security Update : typo3-cms-4_5 (openSUSE-SU-2014:0813-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

typo3-cms-4_5 was updated to version 4.5.34 to fix eight security
vulnerabilities and several other bugs.

These security problems were fixed :

- Add trusted HTTP_HOST configuration (CVE-2014-3941)

- XSS in (old) extension manager information function
(CVE-2014-3943)

- XSS in new content element wizard (CVE-2014-3943)

- XSS in template tools on root page (CVE-2014-3943)

- XSS in Backend Layout Wizard (CVE-2014-3943)

- Encode URL for use in JavaScript (CVE-2014-3943)

- Fix insecure unserialize in colorpicker (CVE-2014-3942)

- Remove charts.swf to get rid of XSS vulnerability
(CVE-2014-3943)

See also :

http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html
https://bugzilla.novell.com/show_bug.cgi?id=881280
https://bugzilla.novell.com/show_bug.cgi?id=881281
https://bugzilla.novell.com/show_bug.cgi?id=881282

Solution :

Update the affected typo3-cms-4_5 package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 76135

Bugtraq ID:

CVE ID: CVE-2014-3941
CVE-2014-3942
CVE-2014-3943
