Jinja2 is a template engine written in pure Python. It provides a
Django-inspired, non-XML syntax but supports inline expressions and an
optional sandboxed environment.
It was discovered that Jinja2 did not properly handle bytecode cache files
stored in the system’s temporary directory. A local attacker could use this
flaw to alter the output of an application using Jinja2 and
FileSystemBytecodeCache, and potentially execute arbitrary code with the
privileges of that application. (CVE-2014-1402)
All python-jinja2 users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. For the update to
take effect, all applications using python-jinja2 must be restarted.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | s390x | python-jinja2 | < 2.2.1-2.el6_5 | python-jinja2-2.2.1-2.el6_5.s390x.rpm |
RedHat | 6 | s390x | python-jinja2-debuginfo | < 2.2.1-2.el6_5 | python-jinja2-debuginfo-2.2.1-2.el6_5.s390x.rpm |
RedHat | 6 | i686 | python-jinja2-debuginfo | < 2.2.1-2.el6_5 | python-jinja2-debuginfo-2.2.1-2.el6_5.i686.rpm |
RedHat | 6 | x86_64 | python-jinja2 | < 2.2.1-2.el6_5 | python-jinja2-2.2.1-2.el6_5.x86_64.rpm |
RedHat | 6 | x86_64 | python-jinja2-debuginfo | < 2.2.1-2.el6_5 | python-jinja2-debuginfo-2.2.1-2.el6_5.x86_64.rpm |
RedHat | 6 | i686 | python-jinja2 | < 2.2.1-2.el6_5 | python-jinja2-2.2.1-2.el6_5.i686.rpm |
RedHat | 6 | src | python-jinja2 | < 2.2.1-2.el6_5 | python-jinja2-2.2.1-2.el6_5.src.rpm |
RedHat | 6 | ppc64 | python-jinja2-debuginfo | < 2.2.1-2.el6_5 | python-jinja2-debuginfo-2.2.1-2.el6_5.ppc64.rpm |
RedHat | 6 | ppc64 | python-jinja2 | < 2.2.1-2.el6_5 | python-jinja2-2.2.1-2.el6_5.ppc64.rpm |