Packages
- php-twig - Flexible, fast, and secure template engine for PHP
Details
Fabien Potencier discovered that Twig did not run sandbox security checks
in some circumstances. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary commands. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-45411)
Jamie Schouten discovered that Twig could bypass the security policy for
an object call. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2024-51754)
Fabien Potencier discovered that Twig did not run sandbox security checks
in some circumstances. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary commands. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-45411)
Jamie Schouten discovered that Twig could bypass the security policy for
an object call. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2024-51754)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 24.04 noble | php-twig – 3.8.0-2ubuntu0.1~esm1 | ||
| 22.04 jammy | php-twig – 3.3.8-2ubuntu4+esm2 | ||
| 20.04 focal | php-twig – 2.12.5-1ubuntu0.1~esm2 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.