Ubuntu Security Notice 5348-1 - David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template. It was discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template.
0772a4f586431a77ce7e420bfb608884c2576b38b6bef725c3a3b511a53168bd==========================================================================
Ubuntu Security Notice USN-5348-1
March 28, 2022
smarty3 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Smarty.
Software Description:
- smarty3: The compiling PHP template engine
Details:
David Gnedt and Thomas Konrad discovered that Smarty was incorrectly
sanitizing the paths present in the templates. An attacker could possibly
use this use to read arbitrary files when controlling the executed
template. (CVE-2018-13982)
It was discovered that Smarty was incorrectly sanitizing the paths
present in the templates. An attacker could possibly use this use to read
arbitrary files when controlling the executed template. (CVE-2018-16831)
It was discovered that Smarty was incorrectly validating security policy
data, allowing the execution of static classes even when not permitted by
the security settings. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-21408)
It was discovered that Smarty was incorrectly managing access control to
template objects, which allowed users to perform a sandbox escape. An
attacker could possibly use this issue to send specially crafted input to
applications that use Smarty and execute arbitrary code. (CVE-2021-26119)
It was discovered that Smarty was not checking for special characters
when setting function names during plugin compile operations. An attacker
could possibly use this issue to send specially crafted input to
applications that use Smarty and execute arbitrary code. (CVE-2021-26120)
It was discovered that Smarty was incorrectly sanitizing characters in
math strings processed by the math function. An attacker could possibly
use this issue to send specially crafted input to applications that use
Smarty and execute arbitrary code. (CVE-2021-29454)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.10:
smarty3 3.1.39-2ubuntu0.21.10.1
Ubuntu 18.04 LTS:
smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5348-1
CVE-2018-13982, CVE-2018-16831, CVE-2021-21408, CVE-2021-26119,
CVE-2021-26120, CVE-2021-29454
Package Information:
https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu0.21.10.1
https://launchpad.net/ubuntu/+source/smarty3/3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed