==========================================================================
Ubuntu Security Notice USN-7377-1
March 27, 2025

smarty vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Smarty could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- smarty4: The compiling PHP template engine

Details:

It was discovered that Smarty did not properly sanitize template file
names. An attacker could possibly use this issue to cause Smarty to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  smarty4                         4.3.1-1ubuntu0.24.10.1

Ubuntu 24.04 LTS
  smarty4                         4.3.1-1ubuntu0.24.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7377-1
  CVE-2024-35226

Package Information:
https://launchpad.net/ubuntu/+source/smarty4/4.3.1-1ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/smarty4/4.3.1-1ubuntu0.24.04.1