UbuntuUpdates.org

Package "smarty3"

Name: smarty3

Description:

Smarty - the compiling PHP template engine

Latest version: 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: http://www.smarty.net/

Other versions of "smarty3" in Bionic

Repository   Area       Version
base         universe   3.1.31+20161214.1.c7d42e4+selfpack1-3
updates      universe   3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1

Changelog

Version: 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1 2022-03-28 12:06:22 UTC

  smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: path traversal in Smarty templates
    - debian/patches/CVE-2018-13982-1.patch: perform validation over
      directory provided in libs/Smarty.class.php and
      libs/sysplugins/smarty_security.php
    - debian/patches/CVE-2018-13982-2.patch: reformat code of
      previous patch and add additional checks.
    - debian/patches/CVE-2018-13982-3.patch: alter regex validation
      of previous patches and update logic flow.
    - CVE-2018-13982
    - CVE-2018-16831
  * SECURITY UPDATE: execution of restricted php methods
    - debian/patches/CVE-2021-21408.patch: Prevent evasion of the
      static_classes security policy in
      lexer/smarty_internal_templateparser.y and
      libs/sysplugins/smarty_internal_templateparser.php.
    - CVE-2021-21408
  * SECURITY UPDATE: sandbox escape by accessing public object
    - debian/patches/CVE-2021-26119.patch: Prevent access to
      $smarty.template_object in sandbox mode in
      libs/sysplugins/
      smarty_internal_compile_private_special_variable.php.
    - CVE-2021-26119
  * SECURITY UPDATE: code injection through function name
    - debian/patches/CVE-2021-26120.patch: perform validation over
      the function name supplied in
      libs/sysplugins/smarty_internal_compile_function.php.
    - CVE-2021-26120
  * SECURITY UPDATE: code injection through math function
    - debian/patches/CVE-2021-29454.patch: verify if the input to
      the math function is a mathematical expression in
      libs/plugins/function.math.php.
    - CVE-2021-29454

 -- David Fernandez Gonzalez <email address hidden> Mon, 21 Mar 2022 12:21:04 +0100

CVE-2018-13982 Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitiza
CVE-2018-16831 Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
CVE-2021-21408 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.
CVE-2021-26119 Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.
CVE-2021-26120 Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.
CVE-2021-29454 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.
