<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
==========================================================================<br>
<div class="moz-forward-container">
<div dir="ltr">
<div class="gmail_quote">
Ubuntu Security Notice USN-6012-1<br>
April 13, 2023<br>
<br>
smarty3 vulnerability<br>
==========================================================================<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 22.10<br>
- Ubuntu 22.04 LTS<br>
<br>
Summary:<br>
<br>
Smarty could be made to crash or run programs if it received a
specially<br>
crafted template.<br>
<br>
Software Description:<br>
- smarty3: The compiling PHP template engine<br>
<br>
Details:<br>
<br>
It was discovered that Smarty incorrectly parsed blocks' names
and<br>
included files' names. A remote attacker with template writing
permissions<br>
could use this issue to execute arbitrary PHP code.
(CVE-2022-29221)<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 22.10:<br>
smarty3 3.1.39-2ubuntu1.22.10.1<br>
<br>
Ubuntu 22.04 LTS:<br>
smarty3 3.1.39-2ubuntu1.22.04.1<br>
<br>
In general, a standard system update will make all the
necessary changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-6012-1"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://ubuntu.com/security/notices/USN-6012-1</a><br>
CVE-2022-29221<br>
<br>
Package Information:<br>
<a
href="https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.10.1"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.10.1</a><br>
<a
href="https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.04.1"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.04.1</a><br>
</div>
</div>
</div>
</body>
</html>