Mageia 6 Security Advisory: 2018-0403 Moderate Path Traversal Risk
mageia
October 19, 2018
Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization
Summary
Smarty 3.1.32 or below is prone to a path traversal vulnerability due to
insufficient template code sanitization. This allows attackers controlling
the executed template code to bypass the trusted directory security
restriction and read arbitrary files (CVE-2018-13982).
References
- https://bugs.mageia.org/show_bug.cgi?id=23592
- https://www.openwall.com/lists/oss-security/2018/09/17/4
- https://www.cve.org/CVERecord?id=CVE-2018-13982
Topics Covered
Resolution
SRPMS
- 6/core/php-smarty-3.1.33-1.2.mga6
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 19 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0403.html
Type: security
CVE: CVE-2018-13982
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!