Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Debian 11: DLA-3956-1 critical advisory for smarty3 XSS vulnerabilities

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3956-1
https://www.debian.org/lts/security/                         Tobias Frost
November 17, 2024                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package    : smarty3
Version    : 3.1.39-2+deb11u2
CVE ID     : CVE-2018-25047 CVE-2023-28447 CVE-2024-35226
Debian Bug : 1019897 1033964 1072530

Multiple vulnerabilities were discovered for smarty3, a widely-used PHP templating engine, which potentially allows an attacker to perform an XSS (e.g. JavaScript or PHP code injection).

CVE-2018-25047

    In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.

CVE-2023-28447

    In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.

CVE-2024-35226

    In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability.

For Debian 11 bullseye, these problems have been fixed in version 3.1.39-2+deb11u2.

We recommend that you upgrade your smarty3 packages.

Please note you will have to clear out all smarty generated files after installing the update, by default in a templates_c directory.

For the detailed security status of smarty3 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/smarty3

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Nov 17, 2024 | Critical | Debian LTS | LinuxSecurity.com Team

Ubuntu 22.10 & 22.04 LTS USN-6012-1 Moderate: Smarty Template Exploit

=========================================================================
Ubuntu Security Notice USN-6012-1
April 13, 2023

smarty3 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS

Summary:

Smarty could be made to crash or run programs if it received a specially crafted template.

Software Description:
- smarty3: The compiling PHP template engine

Details:

It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code. (CVE-2022-29221)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  smarty3 3.1.39-2ubuntu1.22.10.1

Ubuntu 22.04 LTS:
  smarty3 3.1.39-2ubuntu1.22.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6012-1
  CVE-2022-29221

Package Information:
  https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.10.1
  https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.04.1

Apr 13, 2023 | Medium | Ubuntu | LinuxSecurity.com Team

Debian 10 Buster: DLA-3262-1 Critical: Cross-Site Scripting in Smarty3

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3262-1
https://www.debian.org/lts/security/                           Chris Lamb
January 05, 2023                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package    : smarty3
Version    : 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u2
CVE ID     : CVE-2018-25047
Debian Bug : 1019897

It was discovered that there was a potential cross-site scripting vulnerability in smarty3, a widely-used PHP templating engine.

For Debian 10 buster, this problem has been fixed in version 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u2.

We recommend that you upgrade your smarty3 packages.

For the detailed security status of smarty3 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/smarty3

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Jan 05, 2023 | Critical | Debian LTS | LinuxSecurity.com Team

Debian 9 DLA-3033-1 Critical: Vulnerability in Smarty3 Code Injection

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3033-1
https://www.debian.org/lts/security/                      Markus Koschany
May 29, 2022                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package    : smarty3
Version    : 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u6
CVE ID     : CVE-2022-29221
Debian Bug : 1011758

Smarty3 is a template engine for PHP. It was found that template authors could inject PHP code by choosing a malicious {block} name or {include} file name.

For Debian 9 stretch, this problem has been fixed in version 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u6.

We recommend that you upgrade your smarty3 packages.

For the detailed security status of smarty3 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/smarty3

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

May 29, 2022 | Critical | Debian LTS | LinuxSecurity.com Team

Debian: DSA-5151-1 Moderate: Smarty3 Code Execution Risk

-------------------------------------------------------------------------
Debian Security Advisory DSA-5151-1
https://www.debian.org/security/                          Markus Koschany
May 29, 2022                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package    : smarty3
CVE ID     : CVE-2021-21408 CVE-2021-26119 CVE-2021-26120 CVE-2021-29454 CVE-2022-29221
Debian Bug : 1010375 1011758

Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user provided data to the math function, remote users were able to run arbitrary PHP code as well.

For the oldstable distribution (buster), these problems have been fixed in version 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1.

For the stable distribution (bullseye), these problems have been fixed in version 3.1.39-2+deb11u1.

We recommend that you upgrade your smarty3 packages.

For the detailed security status of smarty3 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/smarty3

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://www.debian.org/security/

May 29, 2022 | Important | Debian | LinuxSecurity.com Team

Debian Stretch DLA-2995-1 Moderate Smarty3 Code Execution Risk

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2995-1
https://www.debian.org/lts/security/                      Markus Koschany
May 05, 2022                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package    : smarty3
Version    : 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u5
CVE ID     : CVE-2021-21408 CVE-2021-29454
Debian Bug : 1010375

Smarty3, a template engine for PHP, allowed template authors to run restricted static php methods. The same authors could also run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, remote users were able to run arbitrary PHP code as well.

For Debian 9 stretch, these problems have been fixed in version 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u5.

We recommend that you upgrade your smarty3 packages.

For the detailed security status of smarty3 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/smarty3

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

May 05, 2022 | Important | Debian LTS | LinuxSecurity.com Team

Debian: DLA-2618-3 Moderate: Smarty3 Regression Security Update

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2618-3
https://www.debian.org/lts/security/                      Markus Koschany
October 20, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package    : smarty3
Version    : 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u4
CVE ID     : CVE-2018-13982
Debian Bug : 989141

The security update of smarty3, the compiling PHP template engine, issued as DLA 2618-1 introduced a regression in the smarty_security class when secure directories are evaluated. Updated smarty3 packages are now available to correct this issue.

For Debian 9 stretch, this problem has been fixed in version 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u4.

We recommend that you upgrade your smarty3 packages.

For the detailed security status of smarty3 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/smarty3

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Oct 20, 2021 | Debian LTS | LinuxSecurity.com Team

Debian 9: DLA-2618-3 Urgent: Smarty3 Syntax Error Resolution Update

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2618-2
https://www.debian.org/lts/security/                          Abhijith PA
April 16, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package    : smarty3
Version    : 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u3
CVE ID     : CVE-2018-13982 CVE-2021-26119 CVE-2021-26120
Debian Bug : 986691

The update of smarty3 released as DLA-2618-1 induced a regression due to a syntax error in sysplugins/smarty_security.php.

For Debian 9 stretch, this problem has been fixed in version 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u3.

We recommend that you upgrade your smarty3 packages.

For the detailed security status of smarty3 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/smarty3

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Apr 16, 2021 | Critical | Debian LTS | LinuxSecurity.com Team