
Ubuntu 7343-2: Jinja2 Security Advisory Updates

March 13, 2025
Jinja2 update for Ubuntu addresses a critical regression issue from a previous advisory impacting template execution.

Summary

USN-7343-1 introduced a regression in Jinja2.

Software Description:

- jinja2: small but fast and easy to use stand-alone template engine

Details:

USN-7343-1 fixed vulnerabilities in Jinja2. The update introduced a regression when attempting to import Jinja2 on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Rafal Krupinski discovered that Jinja2 did not properly restrict the execution of code in situations where templates are used maliciously. An attacker with control over a template's filename and content could potentially use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56201)

It was discovered that Jinja2 sandboxed environments could be escaped through a call to a string format method. An attacker could possibly use this issue to enable the execution of arbitrary code. This issue on...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
   python-jinja2                   2.10.1-2ubuntu0.6
   python3-jinja2                  2.10.1-2ubuntu0.6

Ubuntu 18.04 LTS
   python-jinja2                   2.10-1ubuntu0.18.04.1+esm5
                                   Available with Ubuntu Pro
   python3-jinja2                  2.10-1ubuntu0.18.04.1+esm5
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7343-2

https://ubuntu.com/security/notices/USN-7343-1

https://bugs.launchpad.net/ubuntu/+source/jinja2/+bug/2102129

Severity: critical

Ubuntu Security Notice USN-7343-2
