Smarty Template Engine Remote PHP Script Execution Vulnerability

Smarty Template Engine Remote PHP Script Execution Vulnerability

Solution:
The vendor has released a second update dealing with this issue. Apparently the first update still suffered from this issue as new attack vectors were found. The latest update apparently resolves this issue.

Gentoo Linux has released a revision to their original advisory dealing with this issue. Apparently the version reported as fixed still contained the issue, although through a different vector. Gentoo advises that users upgrade their packages to deal with this new vector by carrying out the following commands with superuser privileges:

emerge --sync
emerge --ask --oneshot --verbose ">=dev-php/smarty-2.6.9"

For more information, please see the referenced Gentoo Linux advisory.

Smarty Template Engine 2.6

Smarty Smarty 2.6.9
http://smarty.php.net/do_download.php?download_file=Smarty-2.6.9.tar.g z

Smarty Template Engine 2.6.1

Smarty Smarty 2.6.9
http://smarty.php.net/do_download.php?download_file=Smarty-2.6.9.tar.g z

Smarty Template Engine 2.6.2

Smarty Smarty 2.6.9
http://smarty.php.net/do_download.php?download_file=Smarty-2.6.9.tar.g z

Smarty Template Engine 2.6.3

Smarty Smarty 2.6.9
http://smarty.php.net/do_download.php?download_file=Smarty-2.6.9.tar.g z

Smarty Template Engine 2.6.4

Smarty Smarty 2.6.9
http://smarty.php.net/do_download.php?download_file=Smarty-2.6.9.tar.g z

Smarty Template Engine 2.6.5

Smarty Smarty 2.6.9
http://smarty.php.net/do_download.php?download_file=Smarty-2.6.9.tar.g z

Smarty Template Engine 2.6.6

Smarty Smarty 2.6.9
http://smarty.php.net/do_download.php?download_file=Smarty-2.6.9.tar.g z

Smarty Template Engine 2.6.7

Smarty Smarty 2.6.9
http://smarty.php.net/do_download.php?download_file=Smarty-2.6.9.tar.g z

Smarty Template Engine 2.6.8

Smarty Smarty 2.6.9
http://smarty.php.net/do_download.php?download_file=Smarty-2.6.9.tar.g z