openSUSE-SU-2018:2859-1: moderate: Security update for php5-smarty3

openSUSE Security Update: Security update for php5-smarty3

Announcement ID: openSUSE-SU-2018:2859-1
Rating: moderate
References: #1108741
Cross-References: CVE-2018-16381
Affected Products:
openSUSE Leap 42.3

An update that fixes one vulnerability is now available.


This update for php5-smarty3 fixes the following issues:

– CVE-2018-16381: Prevent traversal vulnerability due to insufficient
template code sanitization that allowed attackers controlling the
executed template code to bypass the trusted directory security
restriction and read arbitrary files (bsc#1108741).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1052=1

Package List:

– openSUSE Leap 42.3 (noarch):



To unsubscribe, e-mail:
For additional commands, e-mail: