USN-6012-1: Smarty vulnerability
13 April 2023
Smarty could be made to crash or run programs if it received a specially crafted template.
Releases
Packages
- smarty3 - The compiling PHP template engine
Details
It was discovered that Smarty incorrectly parsed blocks' names and
included files' names. A remote attacker with template writing permissions
could use this issue to execute arbitrary PHP code. (CVE-2022-29221)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10
Ubuntu 22.04
In general, a standard system update will make all the necessary changes.