drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in Smarty PHP template engine
| Name: |
Ausführen beliebiger Kommandos in Smarty PHP template engine |
|
| ID: |
DSA-4094-1 |
|
| Distribution: |
Debian |
|
| Plattformen: |
Debian jessie, Debian stretch |
|
| Datum: |
Di, 23. Januar 2018, 07:00 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000480 |
|
| Applikationen: |
Smarty PHP template engine |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4094-1 security@debian.org
https://www.debian.org/security/
January 22, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : smarty3
CVE ID : CVE-2017-1000480
Debian Bug : 886460
It was discovered that Smarty, a PHP template engine, was vulnerable to
code-injection attacks. An attacker was able to craft a filename in
comments that could lead to arbitrary code execution on the host running
Smarty.
For the oldstable distribution (jessie), this problem has been fixed
in version 3.1.21-1+deb8u1.
For the stable distribution (stretch), this problem has been fixed in
version 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1.
We recommend that you upgrade your smarty3 packages.
For the detailed security status of smarty3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/smarty3
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlpmaRAACgkQbsLe9o/+
N3SLJBAAoZt3q3HeplRZjJC8qcwCUic2ZRn/V6xW3BDI7NyNbUb1sOJrNFXPDLYl
4cTSbpG9LzK+OeEnZ/TbEG9sqZAUuH+rInhv/E89yZpgwg9/k6WK5LgI7KxHSL/X
JeGO6WLtJECkvE0QLymtlQnftCWJ+Ov9ia/mm9uenUF6mmJSyaNq6sXMSbTDYZSu
R3qki2b5tchWKFBWMfpR444OfxekWUJ9UJHqyItPCDoaLInBvogTEQvohtroXO/d
ewx2Ea4TLFzsdehAQK6I8XbfN4vpqYafTCVQ2kR5Dk3QNQr1TrPWRJUH7y1s3k8p
CGZbPI6iIorOAzRQWJqPV4tt+84coiCsEga5Bc5xadHALJ6xAaRHQx8dzPc4SsSs
oyrPyBUSYEspQpulgbcv9yZoy0EyO7s4ejEuZ4Fpvs/oFxXZ5yQDciK2W0eAxfNv
DHSUNyuJ+yAv9Y/IM2rb4KS3f0kyA9pYxHUtUDzkqYnl4wYai/byx38jYJQmSBoC
KiyItXfwVe3pb8U9TXUj1gFDPt4bNqfE8yTy/qMWWMhKsZQKOEYdumn5yANy9OMi
6NnkZe6w9N6rAt9Gs20fyxu85Djo3jNodlwH6tb7rk/aRQSX0HBIbu8w+2z2UUql
vRqrBVnWsGUIY7OkgmoyLTONJ4S2oAWyGiqy6USsD7gYfR2kmnc=
=9MnI
-----END PGP SIGNATURE-----
|
|
|
|
