Debian 10261 Published by

Samba and typo3-src security updates are available for Debian GNU/Linux



[SECURITY] [DSA 2290-1] samba security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2290-1 security@debian.org
Debian -- Security Information Florian Weimer
August 07, 2011 Debian -- Debian security FAQ
- -------------------------------------------------------------------------

Package : samba
Vulnerability : cross-site scripting
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-2522 CVE-2011-2694

The Samba Web Administration Tool (SWAT) contains several cross-site
request forgery (CSRF) vulnerabilities (CVE-2011-2522) and a
cross-site scripting vulnerability (CVE-2011-2694).

For the oldstable distribution (lenny), these problems have been fixed in
version 2:3.2.5-4lenny15.

For the stable distribution (squeeze), these problems have been fixed
in version 2:3.5.6~dfsg-3squeeze5.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 2:3.5.10~dfsg-1.

We recommend that you upgrade your samba packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: Debian -- Security Information
[SECURITY] [DSA 2289-1] typo3-src security update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2289-1 security@debian.org
Debian -- Security Information Florian Weimer
August 07, 2011 Debian -- Debian security FAQ
- -------------------------------------------------------------------------

Package : typo3-src
Vulnerability : several
Problem type : remote
Debian-specific: no
Debian Bug : 635937

Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework: cross-site scripting, information
disclosure, authentication delay bypass, and arbitrary file deletion.
More details can be found in the Typo3 security advisory:
Error!
- -001/

For the oldstable distribution (lenny), these problems have been fixed in
version 4.2.5-1+lenny8.

For the stable distribution (squeeze), these problems have been fixed in
version 4.3.9+dfsg1-1+squeeze1.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 4.5.4+dfsg1-1.

We recommend that you upgrade your typo3-src packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: Debian -- Security Information