<html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body> ========================================================================== <div class="moz-forward-container"> <div dir="ltr"> <div class="gmail_quote"> Ubuntu Security Notice USN-6012-1 April 13, 2023 smarty3 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS Summary: Smarty could be made to crash or run programs if it received a specially crafted template. Software Description: - smarty3: The compiling PHP template engine Details: It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code. (CVE-2022-29221) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: smarty3 3.1.39-2ubuntu1.22.10.1 Ubuntu 22.04 LTS: smarty3 3.1.39-2ubuntu1.22.04.1 In general, a standard system update will make all the necessary changes. References: <a href="https://ubuntu.com/security/notices/USN-6012-1" rel="noreferrer" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">https://ubuntu.com/security/notices/USN-6012-1</a> CVE-2022-29221 Package Information: <a href="https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.10.1" rel="noreferrer" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.10.1</a> <a href="https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.04.1" rel="noreferrer" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.04.1</a> </div> </div> </div> </body> </html>