[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-1919-2 smarty -- several

ID: oval:org.secpod.oval:def:600000Date: (C)2011-01-28   (M)2017-11-18
Class: PATCHFamily: unix




A regression was found in the patch applied in DSA 1919-1 to smarty, which caused compilation failures on some specific templates. This update corrects the fix. For reference, the full advisory text below. Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4810 The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. CVE-2009-1669 The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. For the stable distribution , this problem has been fixed in version 2.6.20-1.3. The testing and unstable distribution are not affected by this regression. We recommend that you upgrade your smarty package.

Platform:
Debian 5.0
Product:
smarty
Reference:
DSA-1919-2
CVE-2008-4810
CVE-2009-1669
CVE    2
CVE-2008-4810
CVE-2009-1669
CPE    1
cpe:/o:debian:debian_linux:5.0

© 2013 SecPod Technologies