USN-4011-2: Jinja2 vulnerabilities
jinja2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary
Several security issues were fixed in Jinja2.
Software Description
- jinja2 – small but fast and easy to use stand-alone template engine
Details
USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Olivier Dony discovered that Jinja incorrectly handled str.format. An
attacker could possibly use this issue to escape the sandbox.
(CVE-2016-10745)
Brian Welch discovered that Jinja incorrectly handled str.format_map. An
attacker could possibly use this issue to escape the sandbox.
(CVE-2019-10906)
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 14.04 ESM
- python-jinja2 – 2.7.2-2ubuntu0.1~esm1
- python3-jinja2 – 2.7.2-2ubuntu0.1~esm1
- Ubuntu 12.04 ESM
- python-jinja2 – 2.6-1ubuntu0.2
- python3-jinja2 – 2.6-1ubuntu0.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
Leave a Reply