openSUSE 12: 2019:0244-1 moderate: python-Jinja2 cache risk

opensuse
February 26, 2019

openSUSE Security Update: Security update for python-Jinja2
An update that fixes one vulnerability is now available.

Description

This update for python-Jinja2 fixes the following issues:

- Update to 2.8

- Added `target` parameter to urlize function.

- Added support for `followsymlinks` to the file system loader.

- The truncate filter now counts the length.

- Added equalto filter that helps with select filters.

- Changed cache keys to use absolute file names if available instead of load names.

- Fixed loop length calculation for some iterators.

- Changed how Jinja2 enforces strings to be native strings in Python 2 to work when people break their default encoding.

- Added :func:`make_logging_undefined` which returns an undefined object that logs failures into a logger.

- If unmarshalling of cached data fails the template will be reloaded now.

- Implemented a block ``set`` tag.

- Default cache size was increased to 400 from a low 50.

- Fixed ``is number`` test to accept long integers in all Python versions.

-...

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2019-244=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

python-Jinja2-2.8-2.1

python-Jinja2-emacs-2.8-2.1

python-Jinja2-vim-2.8-2.1

References

https://www.suse.com/security/cve/CVE-2014-0012.html

https://bugzilla.suse.com/858239

--

Announcement ID: openSUSE-SU-2019:0244-1
Rating: moderate
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12
