Tuesday 28th July 2020

Managed Server Version 7: TYPO3-PSA-2020-001: Critical vulnerability in TYPO3 CMS 6.2

It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This makes it possible to inject arbitrary data carrying a valid cryptographic message authentication code (HMAC-SHA1), which can lead to various attack chains.

Due to the seriousness and ease of exploitation of this vulnerability and the still widespread use of TYPO3 6.2, we have decided to make this update available to all TYPO3 6.2 users, not just TYPO3 ELTS 6.2 customers.

For details, see https://typo3.org/security/advisory/typo3-psa-2020-001.

Reference #897