Ubuntu 24.04 LTS: USN-6787-1 Moderate: Jinja2 XSS Security Alert

ubuntu

May 29, 2024

Jinja2 could allow cross-site scripting (XSS) attacks.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Jinja2 could allow cross-site scripting (XSS) attacks. Software Description: - jinja2: small but fast and easy to use stand-alone template engine Details: It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting (XSS) attack.

Topics Covered

security advisory software update ubuntu xss threat jinja2

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS python3-jinja2 3.1.2-1ubuntu1.1 Ubuntu 23.10 python3-jinja2 3.1.2-1ubuntu0.23.10.2 Ubuntu 22.04 LTS python3-jinja2 3.0.3-1ubuntu0.2 Ubuntu 20.04 LTS python-jinja2 2.10.1-2ubuntu0.3 python3-jinja2 2.10.1-2ubuntu0.3 Ubuntu 18.04 LTS python-jinja2 2.10-1ubuntu0.18.04.1+esm2 Available with Ubuntu Pro python3-jinja2 2.10-1ubuntu0.18.04.1+esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS python-jinja2 2.8-1ubuntu0.1+esm3 Available with Ubuntu Pro python3-jinja2 2.8-1ubuntu0.1+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS python-jinja2 2.7.2-2ubuntu0.1~esm3 Available with Ubuntu Pro python3-jinja2 2.7.2-2ubuntu0.1~esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6787-1

CVE-2024-34064

Severity

important

Lowest

Low

Medium

High

Critical

Ubuntu Security Notice USN-6787-1

Topics Covered

security advisory software update ubuntu xss threat jinja2

Package Information

https://launchpad.net/ubuntu/+source/jinja2/3.1.2-1ubuntu1.1 https://launchpad.net/ubuntu/+source/jinja2/3.1.2-1ubuntu0.23.10.2 https://launchpad.net/ubuntu/+source/jinja2/3.0.3-1ubuntu0.2 https://launchpad.net/ubuntu/+source/jinja2/2.10.1-2ubuntu0.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Ubuntu 24.04 LTS: USN-6787-1 Moderate: Jinja2 XSS Security Alert

Summary

Topics Covered

Update Instructions

References

Topics Covered

Package Information

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Ubuntu 24.04 LTS: USN-6787-1 Moderate: Jinja2 XSS Security Alert

Summary

Topics Covered

Update Instructions

References

Topics Covered

Package Information

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!