Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 38: 2023-199edf23f0 Moderate: Cross Site Scripting in php-Smarty

fedora
Calendar Grey April 15, 2023
Dist Fedora Esm H88
An important update for the Fedora 38 php-Smarty package addresses a cross-site scripting vulnerability linked to improper JavaScript escaping, urging users to upgrade for enhanced security.
## [3.1.48] - 2023-03-28 ### Security - Fixed Cross site scripting vulnerability in Javascript escaping

Summary

Smarty is a template engine for PHP, facilitating the separation of

presentation (HTML/CSS) from application logic. This implies that PHP

code is application logic, and is separated from the presentation.

Autoloader: /usr/share/php/Smarty/autoload.php

## [3.1.48] - 2023-03-28 ### Security - Fixed Cross site scripting

vulnerability in Javascript escaping. This addresses CVE-2023-28447. ### Fixed

- Output buffer is now cleaned for internal PHP errors as well, not just for

Exceptions [#514](https://github.com/smarty-php/smarty/issues/514)

* Mon Apr 3 2023 Shawn Iwinski - 3.1.48-1

- Update to 3.1.48

- CVE-2023-28447 (RHBZ #2183911, 2183912, 21839123, 21839124)

[ 1 ] Bug #2183912 - CVE-2023-28447 php-Smarty: Cross site scripting vulnerability in Javascript escaping [epel-7]

https://bugzilla.redhat.com/show_bug.cgi?id=2183912

[ 2 ] Bug #2183913 - CVE-2023-28447 php-Smarty: Cross site scripting vulnerability in Javascript escaping [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2183913

[ 3 ] Bug #2183914 - CVE-2023-28447 php-Smarty: Cross site scripting vulnerability in Javascript escaping [fedora-37]

https://bugzilla.redhat.com/show_bug.cgi?id=2183914

su -c 'dnf upgrade --advisory FEDORA-2023-199edf23f0' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory update Fedora cross site scripting security fix php Smarty

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 38
Version: 3.1.48
Release: 1.fc38
URL: https://www.smarty.net/
Summary: Smarty - the compiling PHP template engine

Topics%20covered

Topics Covered

security advisory update Fedora cross site scripting security fix php Smarty

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here