USN-4011-1: Jinja2 vulnerabilities<\/p>\n
A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n
Several security issues were fixed in Jinja2.<\/p>\n
Olivier Dony discovered that Jinja incorrectly handled str.format. An
\nattacker could possibly use this issue to escape the sandbox. This issue
\nonly affected Ubuntu 16.04 LTS. (CVE-2016-10745)<\/p>\n
Brian Welch discovered that Jinja incorrectly handled str.format_map. An
\nattacker could possibly use this issue to escape the sandbox.
\n(CVE-2019-10906)<\/p>\n
The problem can be corrected by updating your system to the following package versions:<\/p>\n
To update your system, please follow these instructions: https:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.<\/p>\n In general, a standard system update will make all the necessary changes.<\/p>\n Source: USN-4011-1: Jinja2 vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" USN-4011-1: Jinja2 vulnerabilities jinja2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Jinja2. Software Description jinja2 – small but fast and easy to use stand-alone template engine Details Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10745) Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox. (CVE-2019-10906) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 python-jinja2 – 2.10-1ubuntu0.19.04.1 python3-jinja2 – 2.10-1ubuntu0.19.04.1 Ubuntu 18.10 python-jinja2 – 2.10-1ubuntu0.18.10.1 python3-jinja2 – 2.10-1ubuntu0.18.10.1 Ubuntu 18.04 LTS python-jinja2 – 2.10-1ubuntu0.18.04.1 python3-jinja2 – 2.10-1ubuntu0.18.04.1 Ubuntu 16.04 LTS [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-31476","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/31476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=31476"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/31476\/revisions"}],"predecessor-version":[{"id":31477,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/31476\/revisions\/31477"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=31476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=31476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=31476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}References<\/h2>\n
\n