drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in Twig
| Name: |
Preisgabe von Informationen in Twig |
|
| ID: |
USN-7549-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 24.04 LTS, Ubuntu 24.10 |
|
| Datum: |
Mo, 2. Juni 2025, 23:33 |
|
| Referenzen: |
https://launchpad.net/ubuntu/+source/php-twig/3.8.0-3ubuntu1
https://www.cve.org/CVERecord?id=CVE-2024-45411
https://launchpad.net/ubuntu/+source/php-twig/3.8.0-2ubuntu1
https://ubuntu.com/security/notices/USN-7549-1 |
|
| Applikationen: |
Twig |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1101454490141988548==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------KV996UMGzcbEBRPbVB94IwW3"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------KV996UMGzcbEBRPbVB94IwW3
Content-Type: multipart/mixed;
boundary="------------7VEEBE7VBqIHkcXmw2urWmU5";
protected-headers="v1"
From: Julia Sarris <julia.sarris@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <c366e21a-e1a2-4ebd-83d4-32aa1bce1b76@canonical.com>
Subject: [USN-7549-1] Twig vulnerability
--------------7VEEBE7VBqIHkcXmw2urWmU5
Content-Type: multipart/mixed;
boundary="------------qhAjbFxNA6HF5U00z5I6kksq"
--------------qhAjbFxNA6HF5U00z5I6kksq
Content-Type: multipart/alternative;
boundary="------------80qYqqOMeBp5LvGDb860mzqj"
--------------80qYqqOMeBp5LvGDb860mzqj
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
==========================================================================
Ubuntu Security Notice USN-7549-1
June 02, 2025
php-twig vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
Summary:
Twig could be made to expose sensitive information if it opened
a specially crafted file.
Software Description:
- php-twig: Flexible, fast, and secure template engine for PHP
Details:
It was discovered that Twig did not correctly handle securing
user input. An attacker could possibly use this issue to cause
Twig to expose sensitive information if it opened a specially
crafted file. (CVE-2024-45411)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
php-twig 3.8.0-3ubuntu1
Ubuntu 24.04 LTS
php-twig 3.8.0-2ubuntu1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7549-1
<https://ubuntu.com/security/notices/USN-7549-1>
CVE-2024-45411
Package Information:
https://launchpad.net/ubuntu/+source/php-twig/3.8.0-3ubuntu1
<https://launchpad.net/ubuntu/+source/php-twig/3.8.0-3ubuntu1>
https://launchpad.net/ubuntu/+source/php-twig/3.8.0-2ubuntu1
<https://launchpad.net/ubuntu/+source/php-twig/3.8.0-2ubuntu1>
--------------80qYqqOMeBp5LvGDb860mzqj
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html>
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=3DUTF=
-8">
</head>
<body>
<div id=3D":18d" class=3D"ii gt">
<div id=3D":18e" class=3D"a3s aiL
">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<wbr>=3D=3D=3D=3D
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D<wbr>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br>
Ubuntu Security Notice USN-7549-1<br>
June 02, 2025<br>
<br>
php-twig vulnerability<br>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D<wbr>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<wbr>=3D=3D=3D=3D=3D=3D=3D=3D
=
=3D=3D=3D=3D=3D=3D<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 24.10<br>
- Ubuntu 24.04 LTS<br>
<br>
Summary:<br>
<br>
Twig could be made to expose sensitive information if it opened<b=
r>
a specially crafted file.<br>
<br>
Software Description:<br>
- php-twig: Flexible, fast, and secure template engine for PHP<br=
>
<br>
Details:<br>
<br>
It was discovered that Twig did not correctly handle
securing<br>=
user input. An attacker could possibly use this issue to cause<br=
>
Twig to expose sensitive information if it opened a
specially<br>=
crafted file. (CVE-2024-45411)<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 24.10<br>
=C2=A0 php-twig=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 3.8.0-3ubuntu1<br>
<br>
Ubuntu 24.04 LTS<br>
=C2=A0 php-twig=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 3.8.0-2ubuntu1<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
=C2=A0 <a href=3D"https://ubuntu.com/security/notices/USN-7549-1"=
rel=3D"noreferrer" target=3D"_blank"
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://ubuntu.com=
/security/notices/USN-7549-1&source=3Dgmail&ust=3D174896246449000
=
0&usg=3DAOvVaw2Lzmv_p-Ad-nzjDXwyPkpr">https://ubuntu.com/security/no<=
wbr>tices/USN-7549-1</a><br>
=C2=A0 CVE-2024-45411<br>
<br>
Package Information:<br>
=C2=A0 <a
href=3D"https://launchpad.net/ubuntu/+source/php-twig/3.8.0-3ubuntu1"
rel=3D"noreferrer" target=3D"_blank"
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://launchpad.=
net/ubuntu/%2Bsource/php-twig/3.8.0-3ubuntu1&source=3Dgmail&ust=3D
=
1748962464490000&usg=3DAOvVaw3QZ7yR1aVcPkiXDEWJnjpD">https://launchpa=
d.net/ubuntu/+<wbr>source/php-twig/3.8.0-3ubuntu1</a><br>
=C2=A0 <a
href=3D"https://launchpad.net/ubuntu/+source/php-twig/3.8.0-2ubuntu1"
rel=3D"noreferrer" target=3D"_blank"
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://launchpad.=
net/ubuntu/%2Bsource/php-twig/3.8.0-2ubuntu1&source=3Dgmail&ust=3D
=
1748962464490000&usg=3DAOvVaw1XAgUaNxUlwa4MailQ_eeX">https://launchpa=
d.net/ubuntu/+<wbr>source/php-twig/3.8.0-2ubuntu1</a>
<div class=3D"yj6qo"></div>
<div class=3D"adL"><br>
</div>
</div>
</div>
<div class=3D"WhmR8e" data-hash=3D"0"></div>
<div class=3D"ajx"></div>
<div class=3D"mVCoBd"></div>
<p></p>
</body>
</html>
--------------80qYqqOMeBp5LvGDb860mzqj--
--------------qhAjbFxNA6HF5U00z5I6kksq
Content-Type: application/pgp-keys;
name="OpenPGP_0x401EFCBCDA0FF1BD.asc"
Content-Disposition: attachment;
filename="OpenPGP_0x401EFCBCDA0FF1BD.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsBNBGao8McBCAD/mTHpWpp0rMyhX+xQYmuj1DoCiadFZysyAyKIFXODXRSOAQ58
YTf6BEuhPtEamZq+aJEGOTBJmUZxvGMv0Fo5yBN+OGoMA2CJQwxWQCZCptfivOCI
D5p2eANebDVXpZHHgpNwCyFVZR/UfSLMqX/y2wEi1AC4CKc3ihFBWdMJVdDk6zz0
4g/x4w76CZczUpe17QWD1XuAWUxmaVGM/TiKjktq3Lp6yZrb0QSYjCovXAGwfBmz
beludDi+EMDmh76PeKWfqQ38QSPEvN+Lv6OTjPWDfilfuOPpDZA2gsjNj3TaBllL
k9YW98OrqsbegQ0BhPgoPYQ3S15ikv53M8o/ABEBAAHNKUp1bGlhIFNhcnJpcyA8
anVsaWEuc2FycmlzQGNhbm9uaWNhbC5jb20+wsCRBBMBCgA7FiEEOMd9M4Vpc6WH
Yvv+QB78vNoP8b0FAmao8McCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA
CgkQQB78vNoP8b3fXQf6Awx8Nd5FkMMGdrWqBjIPZv1Ogkka2+PiIqwqcIeQGvam
V/bpIKOCb4QOS4kgQ+hNS1mmK+T/aWXRCYhiBIPAOIbo7jcMGxNz7V3+43RxlNVl
zt3feYM/QAJmgK8bjdCzI5ZQHiyX8pgOieCylRrcjroQHa9CxHej4aJGCaPGLFGo
81lYWJm21NP4LJTLk03ncJT8Ss64R28cOWUHujysxftAPHVYpPLdlwuJ3lgC8M5n
eq0qwsv22j62ldd/J7u2psRSczaU1ve/TfX71ZCyZZiw2Tm5HvaskD+CilXOaL2H
+KediuEtkQk5KKQikg2XtjbqCYyIxQT50v1TIu86ss7ATQRmqPDHAQgA5zGDufJq
9MhhDPJqM3Qz4kQXLKDXz2l5EovU5olrYerGmskpUBUSwfgAeBu9gMP5Y24spir3
eMm6O7m8EJsihMPCw4Iblzi9YZZX1TY3wegRXFIiaqW5kELnjhVnRpS9WQi9FDd9
gGPp7X3iQ8/B6+nyHitqhcj2A+Vpk5HaguY8zl3yEOwFnud5TEbSb/xYz7DhX5uv
B/FZ9rgn+j2N0hC/RVN1MpSRHZEbOCfpaYr/teiQexOWBlVVnZgCkHb9F0NiNImv
dXVZ18jY5wfgxemfgm8l4nDUlSMUIMiwGYekPMEuYvoDNPwfzzlYHKrVoqp54KMd
JALMUar1bVZtxQARAQABwsB2BBgBCgAgFiEEOMd9M4Vpc6WHYvv+QB78vNoP8b0F
Amao8McCGwwACgkQQB78vNoP8b10+ggA8nW+R2g9BDvkpurM0lwpaCtgKbaENIGg
lpxNXEEUEW7AaR4Mme+4PA/SdpWrFzVa0OGhqtZxkovUZXpgiLlx5/eR1Bl+TUuO
rjZkjGBy3r2Ce1JLwKilSZk7Bk45L7QDxA+NOLSFS7ADqzv37J2jhpfczqrYdpSj
kHgUvkapbuB0ONpQ/mhH9UDquY3eMGv3GSrvggVS0mKjR6bMl1plBWcfJ+Y//xQc
6S1bBdjbmwKMZjYbvhTpPbVeUOUdOg/0mYC/3rjSO+2OEn1Q+YIdfGqbLpDAbruG
m7XHtUOXesWorhDMzQGRpj7R+ed/9uJs0Nvg5FqAKTrzh+90ngEGuA=3D=3D
=3DQkbp
-----END PGP PUBLIC KEY BLOCK-----
--------------qhAjbFxNA6HF5U00z5I6kksq--
--------------7VEEBE7VBqIHkcXmw2urWmU5--
--------------KV996UMGzcbEBRPbVB94IwW3
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsB5BAABCAAjFiEEOMd9M4Vpc6WHYvv+QB78vNoP8b0FAmg9vn0FAwAAAAAACgkQQB78vNoP8b30
SAf/SMjmSixIVJpPoJj2qMlsO+5Y/B48Dia6fQeyh+fy+c44kPI+jKgM+/H5vPg+8A2bTjfpFMce
dvdKro+nJiJ6HasXgDMTwZqD6RkRCwxbK3XNqqJm67F2OKd9eDhBYciVc7TTAQDyAcqhrGKrk20z
RE76p2J/QmHzn9jeWykqCj8khDTMNBz4KkZZf5I1ULEQF2DNcKSOI6c1xzoMmz3nWP6x6m4Kcc5U
XSkNHxY1LjYli+mwSFHREuzZ4oTun0p9bDCH4s/DM7TWRqKcyFW32wLpeU4/wKwyNMPEhuJANVgO
AkrIrt0d5vsEcj3wZEO4Q+KMKDAPpHNuUxNMoy3BVw==
=RjsD
-----END PGP SIGNATURE-----
--------------KV996UMGzcbEBRPbVB94IwW3--
--===============1101454490141988548==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
Cg==
--===============1101454490141988548==--
|
|
|
|
