Debian Security Advisory 4094-1

Debian Security Advisory 4094-1: Posted Jan 24, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4094-1 - It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.; tags | advisory, arbitrary, php, code execution; systems | linux, debian; advisories | CVE-2017-1000480; SHA-256 | 10d1177f7e54651d534936029798276dcc8f90250251e3e03899860e929c0e1e; Download | Favorite | View

Debian Security Advisory 4094-1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4094-1                   security@debian.org
https://www.debian.org/security/                                         
January 22, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : smarty3
CVE ID         : CVE-2017-1000480
Debian Bug     : 886460

It was discovered that Smarty, a PHP template engine, was vulnerable to
code-injection attacks. An attacker was able to craft a filename in
comments that could lead to arbitrary code execution on the host running
Smarty.

For the oldstable distribution (jessie), this problem has been fixed
in version 3.1.21-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1.

We recommend that you upgrade your smarty3 packages.

For the detailed security status of smarty3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/smarty3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlpmaRAACgkQbsLe9o/+
N3SLJBAAoZt3q3HeplRZjJC8qcwCUic2ZRn/V6xW3BDI7NyNbUb1sOJrNFXPDLYl
4cTSbpG9LzK+OeEnZ/TbEG9sqZAUuH+rInhv/E89yZpgwg9/k6WK5LgI7KxHSL/X
JeGO6WLtJECkvE0QLymtlQnftCWJ+Ov9ia/mm9uenUF6mmJSyaNq6sXMSbTDYZSu
R3qki2b5tchWKFBWMfpR444OfxekWUJ9UJHqyItPCDoaLInBvogTEQvohtroXO/d
ewx2Ea4TLFzsdehAQK6I8XbfN4vpqYafTCVQ2kR5Dk3QNQr1TrPWRJUH7y1s3k8p
CGZbPI6iIorOAzRQWJqPV4tt+84coiCsEga5Bc5xadHALJ6xAaRHQx8dzPc4SsSs
oyrPyBUSYEspQpulgbcv9yZoy0EyO7s4ejEuZ4Fpvs/oFxXZ5yQDciK2W0eAxfNv
DHSUNyuJ+yAv9Y/IM2rb4KS3f0kyA9pYxHUtUDzkqYnl4wYai/byx38jYJQmSBoC
KiyItXfwVe3pb8U9TXUj1gFDPt4bNqfE8yTy/qMWWMhKsZQKOEYdumn5yANy9OMi
6NnkZe6w9N6rAt9Gs20fyxu85Djo3jNodlwH6tb7rk/aRQSX0HBIbu8w+2z2UUql
vRqrBVnWsGUIY7OkgmoyLTONJ4S2oAWyGiqy6USsD7gYfR2kmnc=
=9MnI
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 4094-1

Debian Security Advisory 4094-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4094-1

Share This

Debian Security Advisory 4094-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems