-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1919-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst October 25, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : smarty Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-4810 CVE-2009-1669 Debian Bug : 504328 529810 Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4810 The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. CVE-2009-1669 The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. For the old stable distribution (etch), these problems have been fixed in version 2.6.14-1etch2. For the stable distribution (lenny), these problems have been fixed in version 2.6.20-1.2. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your smarty package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch2.dsc Size/MD5 checksum: 958 f061c466cef93df89e677aeb72101910 http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14.orig.tar.gz Size/MD5 checksum: 144986 9186796ddbc29191306338dea9d632a0 http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch2.diff.gz Size/MD5 checksum: 4290 0ef9a669c127818f5ff084e2829738e9 Architecture independent packages: http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch2_all.deb Size/MD5 checksum: 183300 d0ac954aad344f20b5933b09593b2968 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.20-1.2.dsc Size/MD5 checksum: 1409 f280e2733ef52ff621891f99b26386f3 http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.20-1.2.diff.gz Size/MD5 checksum: 4876 4d729d18d7efe68e1ce3023149436c01 http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.20.orig.tar.gz Size/MD5 checksum: 158091 35f405b2418a26a895302a2ce5bf89d2 Architecture independent packages: http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.20-1.2_all.deb Size/MD5 checksum: 204412 1e8e85b298b97176359dd15731e0dc88 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJK5HuJAAoJECIIoQCMVaAc41oH/iXgblL5cfzH4wujl26DrEmd 8ivwmMDdRzd6zio60VtRgbLFfDa1nvByavfJYbJSgjkphbf4qXMxNVVRxp0z9laT fg7gkytG9KXXiqvhxz8NrzCGg7v0jmOorATYCamFEUgKg9d+sXy2/bIpO3xN1txU Wvub7/q3n8DUg3go7kPMCC5euzaB0Fs0fq6zzWuRcKW640bMiOyNq6n/kvTICv3x 4Yv+PIj1KbXgz/R45+QtyQGibJzj3XWTL5DpRNe1fH8uUQ4sqKCyKDsaayrOXa0w Y0wkZ3IEmbOpe1UmUB57kAVSzfRAicFOGRJmXunni/tBs2ivBL27P7F/dMKYAQg= =EBks -----END PGP SIGNATURE-----