=====================================================================
CERT-Renater
Information Note No. 2009/VULN429
_____________________________________________________________________
DATE : 23/10/2009
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S) : Systems running TYPO3 Core versions 4.x
prior to 4.1.13, 4.2.10, 4.3beta2.
======================================================================
http://lists.typo3.org/pipermail/typo3-announce/2009/000129.html
http://lists.typo3.org/pipermail/typo3-announce/2009/000130.html
http://lists.typo3.org/pipermail/typo3-announce/2009/000131.html
______________________________________________________________________
Dear TYPO3 users,
It has been discovered that the TYPO3 Core is vulnerable to Cross-site
scripting, SQL-Injection, Remote shell command execution, Information
Disclosure and Insecure Install Tool authentication/session handling.
Please read this advisory for a description and solutions on all mentioned
issues:
TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple vulnerabilities in TYPO3
Core
In general, the TYPO3 Security Team recommends reading the following pages:
The TYPO3 Security Cookbook:
Make sure you are subscribed to the TYPO3 Announce List:
See all TYPO3 security advisories:
Regards,
Helmut Hummel
Leader of the TYPO3 Security Team
--
TYPO3 Security Team homepage: http://typo3.org/teams/security/
E-Mail: security at typo3.org
Please note: when replying to this e-mail, please leave the header intact.
______________________________________________________________________
Dear TYPO3 users,
the TYPO3 core team has just released the TYPO3 versions 4.2.10 and
4.1.13, which are now ready for you to download. All versions are
maintenance releases and contain bugfixes and security fixes.
IMPORTANT:
These versions include important security fixes to the TYPO3 core. A
security announcement has just been released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
For details about the release, see:
http://wiki.typo3.org/index.php/TYPO3_4.2.10
http://wiki.typo3.org/index.php/TYPO3_4.1.13
MD5 checksums:
Download:
http://typo3.org/download/packages/
Cheers,
Olly
--
Oliver Hader
TYPO3 Release Manager 4.3
_____________________________________________________________________
Dear TYPO3 community,
The TYPO3 Core Team is proud to announce the second beta release of
TYPO3 version 4.3. Since the previous beta version served as "feature
freeze", this release is more focused on bugfixes than new features.
IMPORTANT:
This version includes important security fixes to the TYPO3 Core. A
security announcement has just been released:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
TYPO3 4.3-beta2 can be downloaded via:
http://typo3.org/download/packages/
Please check out the release notes and changelog for a full list of new
features and improvements:
http://news.typo3.org/news/article/typo3-43-beta-2/
MD5 checksums:
Rock on!
Olly
--
Oliver Hader
TYPO3 Release Manager 4.3
======================================================================
=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER | tel : 01-53-94-20-44 +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41 +
+ 75013 Paris | email: certsvp@renater.fr +
=========================================================