{"id":832,"date":"2012-03-19T22:05:29","date_gmt":"2012-03-19T21:05:29","guid":{"rendered":"http:\/\/www.cms-content-migration.de\/?p=832"},"modified":"2016-04-20T06:19:10","modified_gmt":"2016-04-20T04:19:10","slug":"movable-type-5-13-5-07-und-4-38-schliessen-sicherheitsluecken","status":"publish","type":"post","link":"https:\/\/www.media-deluxe.de\/blog\/2012\/03\/movable-type-5-13-5-07-und-4-38-schliessen-sicherheitsluecken\/","title":{"rendered":"Movable Type 5.13, 5.07 and 4.38 close security vulnerabilities"},"content":{"rendered":"<div class=\"teaserimg\"><img loading=\"lazy\" decoding=\"async\" src=\"\/_imag\/update-now-movabletype.png\" alt=\"Update NOW!\" title=\"Update NOW!\" width=\"60\" height=\"45\" class=\"alignleft\" \/><\/div>\n<div><strong class=\"abstract\">The blog software Movable Type closed several security vulnerabilities on February 21 with the updates 5.13, 5.07 and 4.38. A patch is now available for the \u201cTemplate load error\u201d caused by the updates. <!--more--><\/strong><\/div>\n<h2>Internal audit uncovers numerous risks<\/h2>\n<p>On February 21, the free (GPL-licensed) open source weblog publishing system Movable Type released the security updates 5.13, 5.07 and 4.38, which fixed several security vulnerabilities found during a security audit. The risks discovered in the internal review ranged from OS command injection through CSRF (cross-site request forgery) and session hijacking to XSS (cross-site scripting). 
The affected versions were:<\/p>\n<ul>\n<li>Movable Type Open Source 4.38<\/li>\n<li>Movable Type Open Source 5.07<\/li>\n<li>Movable Type Open Source 5.13<\/li>\n<li>Movable Type 4.38 (with Professional Pack and Community Pack)<\/li>\n<li>Movable Type 5.07 (with Professional Pack and Community Pack)<\/li>\n<li>Movable Type 5.13 (with Professional Pack and Community Pack)<\/li>\n<li>Movable Type Enterprise 4.38<\/li>\n<li>Movable Type Advanced 5.13<\/li>\n<\/ul>\n<h2>Template Load Error<\/h2>\n<p>In some cases, problems with template plugins occurred after the updates were installed (\u201cTemplate load error\u201d). To fix this error, a <a href=\"http:\/\/www.movabletype.org\/documentation\/appendices\/release-notes\/513-patch-1.html#how-to-fix-your-plugin\" target=\"_blank\" rel=\"nofollow\">patch<\/a> was released on March 1.<\/p>\n<hr \/>\n<h3>Further links<\/h3>\n<ul>\n<li>Announcement of 21.02.2012: <a href=\"http:\/\/www.movabletype.org\/2012\/02\/movable_type_513_507_and_438_security_updates.html\" target=\"_blank\" rel=\"nofollow\">Movable Type 5.13, 5.07, and 4.38 Security Updates<\/a><\/li>\n<li>01.03.2012: <a href=\"http:\/\/www.movabletype.org\/2012\/03\/513_patch_1.html\" target=\"_blank\" rel=\"nofollow\">Movable Type 5.13, 5.07, and 4.38 patch to fix the plugin template load error<\/a><\/li>\n<li>Release Notes: <a href=\"http:\/\/www.movabletype.org\/documentation\/appendices\/release-notes\/513.html\" target=\"_blank\" rel=\"nofollow\">Movable Type 5.13, 5.07, and 4.38 Release Notes<\/a><\/li>\n<li>Release Notes: <a href=\"http:\/\/www.movabletype.org\/documentation\/appendices\/release-notes\/513-patch-1.html\" target=\"_blank\" rel=\"nofollow\">Movable Type 5.13, 5.07, and 4.38 patch to fix the plugin template load error<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The blog software Movable Type closed several security vulnerabilities on February 21 with the updates 5.13, 5.07 and 4.38. A patch is now available for the \u201cTemplate load error\u201d caused by the updates.<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[278,279],"tags":[295,11,244,362],"class_list":["post-832","post","type-post","status-publish","format-standard","hentry","category-cms-news","category-cms-sicherheitswarnungen","tag-blog-software","tag-cms","tag-content-management-systeme","tag-movable-type"],"_links":{"self":[{"href":"https:\/\/www.media-deluxe.de\/blog\/wp-json\/wp\/v2\/posts\/832","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.media-deluxe.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.media-deluxe.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.media-deluxe.de\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.media-deluxe.de\/blog\/wp-json\/wp\/v2\/comments?post=832"}],"version-history":[{"count":1,"href":"https:\/\/www.media-deluxe.de\/blog\/wp-json\/wp\/v2\/posts\/832\/revisions"}],"predecessor-version":[{"id":3877,"href":"https:\/\/www.media-deluxe.de\/blog\/wp-json\/wp\/v2\/posts\/832\/revisions\/3877"}],"wp:attachment":[{"href":"https:\/\/www.media-deluxe.de\/blog\/wp-json\/wp\/v2\/media?parent=832"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.media-deluxe.de\/blog\/wp-json\/wp\/v2\/categories?post=832"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.media-deluxe.de\/blog\/wp-json\/wp\/v2\/tags?post=832"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}