| Summary: | <dev-php/smarty-3.1.21-r1: secure mode bypass (CVE-2014-8350) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | php-bugs |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1155846 | ||
| Whiteboard: | B3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
CVE-2014-8350 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8350): Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. Arches, please mark stable Target keywords: dev-php/smarty-3.1.21-r1 alpha amd64 hppa ia64 ppc ppc64 sparc x86 amd64 stable Stable for alpha/hppa/ia64/ppc/ppc64/sparc/x86 + 30 Apr 2015; Brian Evans <grknight@gentoo.org> -smarty-3.1.12.ebuild: + Drop vulnerable version wrt security bug 526542 + + 30 Apr 2015; <grknight@gentoo.org> package.mask: + Mask <dev-php/smarty-2.6.29 as it is unknown if vulnerable to security bug + 526542. Removal in 30 days as to not break scripts using the old version Cleanup complete. @security: it's in your court now. (In reply to Brian Evans from comment #5) > > Cleanup complete. Thanks for cleanup > > @security: it's in your court now. GLSA Vote: No GLSA vote: no. Closing as [noglsa] |
From ${URL} : The 3.1.21 release fixes the following issue: "" Smarty 3.1.21 minor bug fixes and improvements. Also following up a security bug fix where <script language="php"> tags still worked in secure mode. To note, this only affects users using Smarty in secure mode and exposing templates to untrusted third parties. "" It is not clear if the 2.x versions are affected or not. CVE request: http://seclists.org/oss-sec/2014/q4/420 References: https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902 https://bugs.debian.org/765920 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.