Debian Security Advisory

DSA-1520-1 smarty -- insufficient input sanitising

Date Reported:
16 Mar 2008
Affected Packages:
smarty
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 469492.
In Mitre's CVE dictionary: CVE-2008-1066.
More information:

It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string.

For the old stable distribution (sarge), this problem has been fixed in version 2.6.9-1sarge1.

For the stable distribution (etch), this problem has been fixed in version 2.6.14-1etch1.

For the unstable distribution (sid), this problem has been fixed in version 2.6.18-1.1.

We recommend that you upgrade your smarty package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1.dsc
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9.orig.tar.gz
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1.diff.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1_all.deb

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch1.dsc
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14.orig.tar.gz
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch1.diff.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch1_all.deb

MD5 checksums of the listed files are available in the original advisory.