Bug 435810 (CVE-2008-1066)
Summary: | CVE-2008-1066 smarty arbitrary code execution in template | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Red Hat Product Security <security-response-team> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | chris.stone, icon, vdanen |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1066 | ||
Whiteboard: | |||
Fixed In Version: | 2.6.19-1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-06-16 18:56:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 435811, 435812, 435813, 438058, 438059, 438060, 438062, 438063, 438064 | ||
Bug Blocks: |
Description
Lubomir Kundrak
2008-03-03 23:13:48 UTC
(In reply to comment #0) > The modifier.regex_replace.php plugin in Smarty before 2.6.19 --------------------------------------------------^^^^^^ *before*, as in 2.6.18 and lower, as in this was fixed last week. Please do me a favor and close all these bugs for me so I don't have to waste time doing it myself.... Thanks. Updates were pushed to Fedora stable as bugfixes: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1928 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-1911 php-pear-PhpDocumentor and gallery2 should not embed a copy of smarty. Is there a possibility to make it use code from the php-Smarty package? (In reply to comment #6) > php-pear-PhpDocumentor and gallery2 should not embed a copy of smarty. > Is there a possibility to make it use code from the php-Smarty package? It should be possible, yes. php-pear-PhpDocumentor-1.4.1-2.fc8 has been submitted as an update for Fedora 8 gallery2-2.2.4-3.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update gallery2'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F7/FEDORA-2008-2587 php-pear-PhpDocumentor-1.4.1-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. gallery2-2.2.4-3.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. gallery2-2.2.4-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. Removing myself (john@ncphotography) from CC list as updated required for my packages have been pushed. Reporter changed to security-response-team by request of Jay Turner. |