Thursday, March 27, 2025

[USN-7377-1] Smarty vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmfloTUFAwAAAAAACgkQ8pSCVQZYHyiZ
3A//dvqpXz0LzQLB317EJr4GgornEwxwV5CwisJEn5slPti2wFJtjbVDzK6FWtReYoUDKkRpE8EK
kcfp1EtnpdxAPRpORg3PTp/56A7VAmxhbif++FK9cPZH8NIa24Gh3XIRA6PIzf1COq+137qBqkea
073y9GguFmvZQAC4UJWyJXX6rb9vBkK6jrytYMFaMwJM0HFrPLITgA+exZ+ck8kXXKzpEaGO/qW9
jSam/wxAn9dpHMvZtiki3nUmHwebUBdG95dGg//KsygChB4gxhzGD8t6JQ0Y2MHCnrqa/H+HxjRw
KRTPhPy0vyBAzkwXgCWPYGbARmcoNf4oFfrrFf8bmJ/O3QD4OtxZqkPpaYaZCAYuwoSVfUa92pzG
6kzJPx4/RHsx+hc4UG9M3DAtI9ZUjVE9TUpz0dgHOzrgl4w8xjBKsr015iMWNzj16f6BaZANgyXV
IrrIqAv76JlQwNQw1OjKPzwO1yAECGwirz5D77VtTF/9jknFjj/8bus3zjbFb3pJX1Uj/pFu77EE
43jiFkrzF77HGb8BGnDpR59wnocMiZos3DJNFfFuicqWNJ1JUD2QHQrmNdWG23D3JetxOaT3l2qC
FS19ImrbJ/wPw5Wt0cCAWXCYw64MJxz3A689QKZgntuCn4UuWLurJpJV6aVNGxYEceNr+Ue9sqB2
ufo=
=pY8l
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7377-1
March 27, 2025

smarty vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Smarty could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- smarty4: The compiling PHP template engine

Details:

It was discovered that Smarty did not properly sanitize template file
names. An attacker could possibly use this issue to cause Smarty to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  smarty4                         4.3.1-1ubuntu0.24.10.1

Ubuntu 24.04 LTS
  smarty4                         4.3.1-1ubuntu0.24.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7377-1
  CVE-2024-35226

Package Information:
https://launchpad.net/ubuntu/+source/smarty4/4.3.1-1ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/smarty4/4.3.1-1ubuntu0.24.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)