
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Ubuntu 22.10 & 22.04 LTS USN-6012-1 Moderate: Smarty Template Exploit

Smarty could be made to crash or run programs if it received a specially crafted template.

=========================================================================
Ubuntu Security Notice USN-6012-1
April 13, 2023

smarty3 vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS

Summary:

Smarty could be made to crash or run programs if it received a specially crafted template.

Software Description:

- smarty3: The compiling PHP template engine

Details:

It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code. (CVE-2022-29221)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.10:
  smarty3 3.1.39-2ubuntu1.22.10.1

Ubuntu 22.04 LTS:
  smarty3 3.1.39-2ubuntu1.22.04.1

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-6012-1
  CVE-2022-29221

Package Information:

  https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.10.1
  https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.04.1

Critical flaw in Smarty template permits remote execution of code, impacting Ubuntu versions 22.10 and 22.04 LTS. Ensure you update immediately!

Severity: Medium

LinuxSecurity.com Team

Apr 13, 2023 | Medium | Ubuntu

Ubuntu: 21.10 & 18.04 LTS Critical: Smarty Exploits and Threats

Several security issues were fixed in Smarty.

=========================================================================
Ubuntu Security Notice USN-5348-1
March 28, 2022

smarty3 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Smarty.

Software Description:

- smarty3: The compiling PHP template engine

Details:

David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this issue to read arbitrary files when controlling the executed template. (CVE-2018-13982)

It was discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this issue to read arbitrary files when controlling the executed template. (CVE-2018-16831)

It was discovered that Smarty was incorrectly validating security policy data, allowing the execution of static classes even when not permitted by the security settings. An attacker could possibly use this issue to execute arbitrary code. (CVE-2021-21408)

It was discovered that Smarty was incorrectly managing access control to template objects, which allowed users to perform a sandbox escape. An attacker could possibly use this issue to send specially crafted input to applications that use Smarty and execute arbitrary code. (CVE-2021-26119)

It was discovered that Smarty was not checking for special characters when setting function names during plugin compile operations. An attacker could possibly use this issue to send specially crafted input to applications that use Smarty and execute arbitrary code. (CVE-2021-26120)

It was discovered that Smarty was incorrectly sanitizing characters in math strings processed by the math function. An attacker could possibly use this issue to send specially crafted input to applications that use Smarty and execute arbitrary code. (CVE-2021-29454)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10:
  smarty3 3.1.39-2ubuntu0.21.10.1

Ubuntu 18.04 LTS:
  smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-5348-1
  CVE-2018-13982, CVE-2018-16831, CVE-2021-21408, CVE-2021-26119, CVE-2021-26120, CVE-2021-29454

Package Information:

  https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu0.21.10.1
  https://launchpad.net/ubuntu/+source/smarty3/3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1

Urgent vulnerabilities have been identified within Smarty impacting various versions of Ubuntu. Immediate patches are required to mitigate risks of potential breaches.

Severity: Critical

LinuxSecurity.com Team

Mar 28, 2022 | Critical | Ubuntu