Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4094-1] smarty3 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4094-1] smarty3 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Luciano Bello <luciano AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4094-1] smarty3 security update
  • Date: Mon, 22 Jan 2018 22:48:33 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1edktF-0004kd-Qc AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <luciano AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 22 Jan 2018 22:48:56 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <skNmUDOVuwD.A.M5C.XpmZaB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4094-1 security AT debian.org
https://www.debian.org/security/
January 22, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : smarty3
CVE ID : CVE-2017-1000480
Debian Bug : 886460

It was discovered that Smarty, a PHP template engine, was vulnerable to
code-injection attacks. An attacker was able to craft a filename in
comments that could lead to arbitrary code execution on the host running
Smarty.

For the oldstable distribution (jessie), this problem has been fixed
in version 3.1.21-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1.

We recommend that you upgrade your smarty3 packages.

For the detailed security status of smarty3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/smarty3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlpmaRAACgkQbsLe9o/+
N3SLJBAAoZt3q3HeplRZjJC8qcwCUic2ZRn/V6xW3BDI7NyNbUb1sOJrNFXPDLYl
4cTSbpG9LzK+OeEnZ/TbEG9sqZAUuH+rInhv/E89yZpgwg9/k6WK5LgI7KxHSL/X
JeGO6WLtJECkvE0QLymtlQnftCWJ+Ov9ia/mm9uenUF6mmJSyaNq6sXMSbTDYZSu
R3qki2b5tchWKFBWMfpR444OfxekWUJ9UJHqyItPCDoaLInBvogTEQvohtroXO/d
ewx2Ea4TLFzsdehAQK6I8XbfN4vpqYafTCVQ2kR5Dk3QNQr1TrPWRJUH7y1s3k8p
CGZbPI6iIorOAzRQWJqPV4tt+84coiCsEga5Bc5xadHALJ6xAaRHQx8dzPc4SsSs
oyrPyBUSYEspQpulgbcv9yZoy0EyO7s4ejEuZ4Fpvs/oFxXZ5yQDciK2W0eAxfNv
DHSUNyuJ+yAv9Y/IM2rb4KS3f0kyA9pYxHUtUDzkqYnl4wYai/byx38jYJQmSBoC
KiyItXfwVe3pb8U9TXUj1gFDPt4bNqfE8yTy/qMWWMhKsZQKOEYdumn5yANy9OMi
6NnkZe6w9N6rAt9Gs20fyxu85Djo3jNodlwH6tb7rk/aRQSX0HBIbu8w+2z2UUql
vRqrBVnWsGUIY7OkgmoyLTONJ4S2oAWyGiqy6USsD7gYfR2kmnc=
=9MnI
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4094-1] smarty3 security update, Luciano Bello, 22.01.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang