==========================================================================
Ubuntu Security Notice USN-7549-1
June 02, 2025

php-twig vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Twig could be made to expose sensitive information if it opened
a specially crafted file.

Software Description:
- php-twig: Flexible, fast, and secure template engine for PHP

Details:

It was discovered that Twig did not correctly handle securing
user input. An attacker could possibly use this issue to cause
Twig to expose sensitive information if it opened a specially
crafted file. (CVE-2024-45411)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  php-twig                        3.8.0-3ubuntu1

Ubuntu 24.04 LTS
  php-twig                        3.8.0-2ubuntu1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7549-1 
<https://ubuntu.com/security/notices/USN-7549-1>
  CVE-2024-45411

Package Information:
https://launchpad.net/ubuntu/+source/php-twig/3.8.0-3ubuntu1 
<https://launchpad.net/ubuntu/+source/php-twig/3.8.0-3ubuntu1>
https://launchpad.net/ubuntu/+source/php-twig/3.8.0-2ubuntu1 
<https://launchpad.net/ubuntu/+source/php-twig/3.8.0-2ubuntu1>