DSA-1520-1 smarty -- insufficient input sanitising

Debian Security Advisory

DSA-1520-1 smarty -- insufficient input sanitising

Date Reported:

16 Mar 2008

Affected Packages:

smarty

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 469492.
In Mitre's CVE dictionary: CVE-2008-1066.

More information:

It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string.

For the old stable distribution (sarge), this problem has been fixed in version 2.6.9-1sarge1.

For the stable distribution (etch), this problem has been fixed in version 2.6.14-1etch4.

For the unstable distribution (sid), this problem has been fixed in version 2.6.18-1.1.

We recommend that you upgrade your smarty package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:

http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1.dsc

http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9.orig.tar.gz

http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1.diff.gz

Architecture-independent component:

http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1_all.deb

Debian GNU/Linux 4.0 (etch)

Source:

http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch4.dsc

http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14.orig.tar.gz

http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch4.diff.gz

Architecture-independent component:

http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch4_all.deb

MD5 checksums of the listed files are available in the original advisory.