Stay Secure with the Latest Linux Advisories

security advisorycriticalFedora

Fedora 11: CVE-2009-1669 Critical: Php-Smarty Command Execution Issue

CVE-2009-1669. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-5520 2009-05-27 01:31:21 -------------------------------------------------------------------------------- Name : php-Smarty Product : Fedora 11 Version : 2.6.25 Release : 1.fc11 URL : Summary : Template/Presentation Framework for PHP Description : Although Smarty is known as a "Template Engine", it would be more accurately described as a "Template/Presentation Framework." That is, it provides the programmer and template designer with a wealth of tools to automate tasks commonly dealt with at the presentation layer of an application. I stress the word Framework because Smarty is not a simple tag-replacing template engine. Although it can be used for such a simple purpose, its focus is on quick and painless development and deployment of your application, while maintaining high-performance, scalability, security and future growth. -------------------------------------------------------------------------------- Update Information: CVE-2009-1669 -------------------------------------------------------------------------------- ChangeLog: * Mon May 25 2009 Christopher Stone 2.6.25-1 - Upstream sync -------------------------------------------------------------------------------- References: [ 1 ] Bug #501564 - CVE-2009-1669 Smarty: arbitrary commands execution via shell metacharacters in the equation attribute of the math function https://bugzilla.redhat.com/show_bug.cgi?id=501564 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update php-Smarty' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fedora 11 users, a new php-Smarty update is available to fix vulnerabilities linked to CVE-2009-1669. Updating is vital for your system's security and integrity. Fedora Update, php-Smarty, PHP Template Framework, Command Execution. . Severity: Critical. LinuxSecurity.com Team

May 27, 2009 •Critical Fedora