2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005

Important Security-Bulletin Pre-Announcement

May 20, 2016

Author: Helmut Hummel
Keywords: critical vulnerability, bulletin, pre-announcement

TYPO3 releases containing a fix for a critical vulnerability will be published Tuesday 24th of May at about 10:00 a.m. CEST (08:00 a.m. GMT).

[UPDATE] Add clarification regarding TYPO3 4.5

The TYPO3 security team has identified a critical security issue in the TYPO3 CMS Core.

All TYPO3 versions from 4.x to 8.1 are affected by this vulnerability. This means also TYPO3 version 4.5 (including 4.5 ELTS) is affected by this vulnerability.

Besides regular releases for supported branches (TYPO3 6.2.x, TYPO3 7.6.x, TYPO3 8.x), we will also provide patches for affected but unmaintained TYPO3 versions, because of the severity of this vulnerability.

Be prepared to update all your TYPO3 installations next Tuesday!

Please understand that we cannot provide any further information until the advisory has been published.

 

CVSS v2.0 data on the to be released advisory:

AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:O/RC:C (Base Score: 9.3, Temporal Score: 7.7)


Add comment

Please log in or sign up to comment.