Ubuntu 24.10 LTS: USN-7158-1 critical: smarty denial of service
ubuntu
December 13, 2024
Several security issues were fixed in Smarty.
Summary
Several security issues were fixed in Smarty.
Software Description:
- smarty3: The compiling PHP template engine
Details:
It was discovered that Smarty incorrectly handled query parameters in
requests. An attacker could possibly use this issue to inject arbitrary
Javascript code, resulting in denial of service or potential execution of
arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2018-25047, CVE-2023-28447)
It was discovered that Smarty did not properly sanitize user input when
generating templates. An attacker could, through PHP injection, possibly
use this issue to execute arbitrary code. (CVE-2024-35226)
Update Instructions
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
smarty3 3.1.48-1ubuntu0.24.10.1
Ubuntu 24.04 LTS
smarty3 3.1.48-1ubuntu0.24.04.1
Ubuntu 22.04 LTS
smarty3 3.1.39-2ubuntu1.22.04.2
Ubuntu 20.04 LTS
smarty3 3.1.34+20190228.1.c9f0de05+selfpack1-1ubuntu0.1
Ubuntu 18.04 LTS
smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.References
https://ubuntu.com/security/notices/USN-7158-1
CVE-2018-25047, CVE-2023-28447, CVE-2024-35226
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-7158-1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!