lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 22 Jan 2018 22:48:33 +0000
From: Luciano Bello <luciano@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4094-1] smarty3 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4094-1                   security@...ian.org
https://www.debian.org/security/                                         
January 22, 2018                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : smarty3
CVE ID         : CVE-2017-1000480
Debian Bug     : 886460

It was discovered that Smarty, a PHP template engine, was vulnerable to
code-injection attacks. An attacker was able to craft a filename in
comments that could lead to arbitrary code execution on the host running
Smarty.

For the oldstable distribution (jessie), this problem has been fixed
in version 3.1.21-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1.

We recommend that you upgrade your smarty3 packages.

For the detailed security status of smarty3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/smarty3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlpmaRAACgkQbsLe9o/+
N3SLJBAAoZt3q3HeplRZjJC8qcwCUic2ZRn/V6xW3BDI7NyNbUb1sOJrNFXPDLYl
4cTSbpG9LzK+OeEnZ/TbEG9sqZAUuH+rInhv/E89yZpgwg9/k6WK5LgI7KxHSL/X
JeGO6WLtJECkvE0QLymtlQnftCWJ+Ov9ia/mm9uenUF6mmJSyaNq6sXMSbTDYZSu
R3qki2b5tchWKFBWMfpR444OfxekWUJ9UJHqyItPCDoaLInBvogTEQvohtroXO/d
ewx2Ea4TLFzsdehAQK6I8XbfN4vpqYafTCVQ2kR5Dk3QNQr1TrPWRJUH7y1s3k8p
CGZbPI6iIorOAzRQWJqPV4tt+84coiCsEga5Bc5xadHALJ6xAaRHQx8dzPc4SsSs
oyrPyBUSYEspQpulgbcv9yZoy0EyO7s4ejEuZ4Fpvs/oFxXZ5yQDciK2W0eAxfNv
DHSUNyuJ+yAv9Y/IM2rb4KS3f0kyA9pYxHUtUDzkqYnl4wYai/byx38jYJQmSBoC
KiyItXfwVe3pb8U9TXUj1gFDPt4bNqfE8yTy/qMWWMhKsZQKOEYdumn5yANy9OMi
6NnkZe6w9N6rAt9Gs20fyxu85Djo3jNodlwH6tb7rk/aRQSX0HBIbu8w+2z2UUql
vRqrBVnWsGUIY7OkgmoyLTONJ4S2oAWyGiqy6USsD7gYfR2kmnc=
=9MnI
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ