Ubuntu alert USN-7158-1 (smarty3)

From:  Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-7158-1] Smarty vulnerabilities
Date:  Thu, 12 Dec 2024 21:46:19 -0300
Message-ID:  <20241213004619.r4kfzlxqksem5djb@morty>

==========================================================================
Ubuntu Security Notice USN-7158-1
December 12, 2024

smarty3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Smarty.

Software Description:
- smarty3: The compiling PHP template engine

Details:

It was discovered that Smarty incorrectly handled query parameters in
requests. An attacker could possibly use this issue to inject arbitrary
Javascript code, resulting in denial of service or potential execution of
arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2018-25047,
CVE-2023-28447)

It was discovered that Smarty did not properly sanitize user input when
generating templates. An attacker could, through PHP injection, possibly
use this issue to execute arbitrary code. (CVE-2024-35226)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  smarty3                         3.1.48-1ubuntu0.24.10.1

Ubuntu 24.04 LTS
  smarty3                         3.1.48-1ubuntu0.24.04.1

Ubuntu 22.04 LTS
  smarty3                         3.1.39-2ubuntu1.22.04.2

Ubuntu 20.04 LTS
  smarty3                         3.1.34+20190228.1.c9f0de05+selfpack1-1ubuntu0.1

Ubuntu 18.04 LTS
  smarty3                         3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7158-1
  CVE-2018-25047, CVE-2023-28447, CVE-2024-35226

Package Information:
  https://launchpad.net/ubuntu/+source/smarty3/3.1.48-1ubun...
  https://launchpad.net/ubuntu/+source/smarty3/3.1.48-1ubun...
  https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubun...
  https://launchpad.net/ubuntu/+source/smarty3/3.1.34+20190...






Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds