4

USN-791-3: Smarty vulnerability

view full story
linux-howto

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-1669 Description:  =========================================================== Ubuntu Security Notice USN-791-3 June 24, 2009 smarty vulnerability CVE-2009-1669 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: smarty 2.6.22-1ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Smarty did not correctly filter certain math inputs. A remote attacker using Smarty via a web service could exploit this to execute subsets of shell commands as the web server user. (Distributions)