Debian-LTS has issued an advisory on April 8: https://www.debian.org/lts/security/2021/dla-2618 The issues are fixed upstream in 3.1.39. Mageia 7 and Mageia 8 are also affected.
CC: (none) => mageiaWhiteboard: (none) => MGA8TOO, MGA7TOOStatus comment: (none) => Fixed upstream in 3.1.39
Assigning to Marc for this SRPm (removed CC).
Assignee: bugsquad => mageiaCC: mageia => (none)
Ping Marc.
pushed an update. Updated php-smarty packages fix security vulnerabilities: It was possible to inject code into the template engine. This is fixed now. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26120 https://github.com/smarty-php/smarty/releases/tag/v3.1.39 ======================== Updated packages in core/updates_testing: ======================== php-smarty-3.1.39-1.mga7.noarch.rpm php-smarty-3.1.39-1.mga8.noarch.rpm SPRM: php-smarty-3.1.39-1.mga7.src.rpm php-smarty-3.1.39-1.mga8.src.rpm
Assignee: mageia => qa-bugsCVE: (none) => CVE-2021-26119, CVE-2021-26120
MGA7-64 Plasma on Lenovo B50 No installation issues. Read about this package and it seems a developers tool. I cann't find any "normal" package depending on it. So, seeing no ill effects on the system, I give it OK on clean install.
CC: (none) => herman.viaeneWhiteboard: MGA8TOO, MGA7TOO => MGA8TOO, MGA7TOO MGA7-64-OK
Already pushed on Cauldron. > r1728954 | mokraemer | 2021-05-31 11:08:22 +0200 (lun. 31 mai 2021) | 1 ligne > > new version 3.1.39
Status comment: Fixed upstream in 3.1.39 => (none)Whiteboard: MGA8TOO, MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OKVersion: Cauldron => 8CC: (none) => ouaurelien
MGA8-64 Plasma on Lenovo B50 No installation issues. OK on clean install.
Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
Validating. Advisory information in Comment 3.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
type: security subject: Updated php-smarty package fixes security vulnerabilities CVE: - CVE-2021-26119 - CVE-2021-26120 src: 7: core: - php-smarty-3.1.39-1.mga7 8: core: - php-smarty-3.1.39-1.mga8 description: | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode (CVE-2021-26119). Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring (CVE-2021-26120). references: - https://bugs.mageia.org/show_bug.cgi?id=28996 - https://github.com/smarty-php/smarty/releases/tag/v3.1.39 - https://www.debian.org/lts/security/2021/dla-2618
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0335.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED