Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Jinja2.
Software Description:
- jinja2: small but fast and easy to use stand-alone template engine
Details:
Olivier Dony discovered that Jinja incorrectly handled str.format. An
attacker could possibly use this issue to escape the sandbox. This issue
only affected Ubuntu 16.04 LTS. (CVE-2016-10745)
Brian Welch discovered that Jinja incorrectly handled str.format_map. An
attacker could possibly use this issue to escape the sandbox.
(CVE-2019-10906)
The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: python-jinja2 2.10-1ubuntu0.19.04.1 python3-jinja2 2.10-1ubuntu0.19.04.1 Ubuntu 18.10: python-jinja2 2.10-1ubuntu0.18.10.1 python3-jinja2 2.10-1ubuntu0.18.10.1 Ubuntu 18.04 LTS: python-jinja2 2.10-1ubuntu0.18.04.1 python3-jinja2 2.10-1ubuntu0.18.04.1 Ubuntu 16.04 LTS: python-jinja2 2.8-1ubuntu0.1 python3-jinja2 2.8-1ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4011-1
CVE-2016-10745, CVE-2019-10906
Get the latest Linux and open source security news straight to your inbox.