Moderate CentOS python-jinja2 Update

Metadata

medium
4.4
python-jinja2-2.2.1-2.el6_5.i686.rpm, python-jinja2-2.2.1-2.el6_5.src.rpm, python-jinja2-2.2.1-2.el6_5.x86_64.rpm
CVE-2014-1402
rhn.redhat.com, lists.centos.org
2014-06-11
2017-07-27 19:06
ALAS-2014-371
CVE-2014-1402 jinja2
CVE-2014-1402
2017-04-01 19:08
2017-01-05 20:12

Description


Updated python-jinja2 packages that fix one security issue are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Jinja2 is a template engine written in pure Python. It provides a
Django-inspired, non-XML syntax but supports inline expressions and an
optional sandboxed environment.

It was discovered that Jinja2 did not properly handle bytecode cache files
stored in the system's temporary directory. A local attacker could use this
flaw to alter the output of an application using Jinja2 and
FileSystemBytecodeCache, and potentially execute arbitrary code with the
privileges of that application. (CVE-2014-1402)

All python-jinja2 users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. For the update to
take effect, all applications using python-jinja2 must be restarted.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
6 python-jinja2 python-jinja2-2.2.1-2.el6_5.i686.rpm
python-jinja2 python-jinja2-2.2.1-2.el6_5.src.rpm
python-jinja2 python-jinja2-2.2.1-2.el6_5.x86_64.rpm