Securing TYPO3: installing current updates
Security updates for the TYPO3 CMS Core were released today. Versions 4.5, 4.7, 6.0, 6.1 and 6.2 are affected.
In total, the update fixes 7 vulnerabilities in the following categories: Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. The security risk is rated from "low" to "medium".
Attention:
Unlike usual, installing the update is not enough to defend against "host spoofing": you also have to check the settings of the web server. So this time, be sure to read the additional information in the security bulletin!
Critical Powermail vulnerabilities
Powermail also received a security update today (at night). Arbitrary Code Execution and Cross-Site Scripting are possible. Affected are the versions up to and including 2.0.13, as well as 1.6.10 and all previous versions.
Further information:
Arbitrary code execution in extension "powermail" (powermail)


