
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 27 articles for you...

Debian Trixie php-twig Important Code Injection Fixes DSA-6311-1

Multiple security vulnerabilities were discovered in Twig, a template engine for PHP, which could result in PHP code injection, sandbox bypass or cross-site scripting. For the stable distribution (trixie), these problems have been fixed in version 3.27.0-0+deb13u1. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6311-1 https://www.debian.org/security/ Moritz Muehlenhoff May 29, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php-twig CVE ID : CVE-2026-24425 CVE-2026-46627 CVE-2026-46628 CVE-2026-46629 CVE-2026-46633 CVE-2026-46634 CVE-2026-46635 CVE-2026-46636 CVE-2026-46637 CVE-2026-46638 CVE-2026-46640 CVE-2026-47730 CVE-2026-47732 CVE-2026-48805 Multiple security vulnerabilities were discovered in Twig, a template engine for PHP, which could result in PHP code injection, sandbox bypass or cross-site scripting. For the stable distribution (trixie), these problems have been fixed in version 3.27.0-0+deb13u1. We recommend that you upgrade your php-twig packages. For the detailed security status of php-twig please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-twig Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Debian DSA-6311-1 details multiple vulnerabilities in php-twig including code injection and cross-site scripting fixes. Debian Security Advisory, security vulnerabilities, php-twig, code injection, cross-site scripting. Severity: Important. LinuxSecurity.com Team

May 29, 2026 Important Debian

Fedora 40: python-jinja2 2025-8b6aa24ab4 Security Advisory Updates

Version 3.1.6 Released 2025-03-05 The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-8b6aa24ab4 2025-03-25 00:57:48.852448+00:00 -------------------------------------------------------------------------------- Name : python-jinja2 Product : Fedora 40 Version : 3.1.6 Release : 1.fc40 URL : https://palletsprojects.com/projects/jinja/ Summary : General purpose template engine Description : Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with Jinja2. It's both designer and developer friendly by sticking to Python's principles and adding functionality useful for templating environments. -------------------------------------------------------------------------------- Update Information: Version 3.1.6 Released 2025-03-05 The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 9 2025 Thomas Moschny - 3.1.6-1 - Update to 3.1.6. * Sat Jan 18 2025 Fedora Release Engineering - 3.1.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2350190 - CVE-2025-27516 jinja2: Jinja sandbox breakout through attr filter selecting format method https://bugzilla.redhat.com/show_bug.cgi?id=2350190 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. 
Use su -c 'dnf upgrade --advisory FEDORA-2025-8b6aa24ab4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- Python-jinja2 update in Fedora 40 addresses sandbox issues affecting security. Essential upgrade for developers and users. Severity: Critical. LinuxSecurity.com Team

Mar 25, 2025 Critical Fedora

Fedora 41 python-jinja2 Security Advisory FEDORA-2025-cd7f5876b2 critical

Version 3.1.6 Released 2025-03-05 The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-cd7f5876b2 2025-03-11 01:33:11.319592+00:00 -------------------------------------------------------------------------------- Name : python-jinja2 Product : Fedora 41 Version : 3.1.6 Release : 1.fc41 URL : https://palletsprojects.com/projects/jinja/ Summary : General purpose template engine Description : Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with Jinja2. It's both designer and developer friendly by sticking to Python's principles and adding functionality useful for templating environments. -------------------------------------------------------------------------------- Update Information: Version 3.1.6 Released 2025-03-05 The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 9 2025 Thomas Moschny - 3.1.6-1 - Update to 3.1.6. * Sat Jan 18 2025 Fedora Release Engineering - 3.1.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2350190 - CVE-2025-27516 jinja2: Jinja sandbox breakout through attr filter selecting format method https://bugzilla.redhat.com/show_bug.cgi?id=2350190 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. 
Use su -c 'dnf upgrade --advisory FEDORA-2025-cd7f5876b2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- Essential patch release for Fedora 41's python-jinja2 focusing on sandboxing validation and the |attr function. Fedora 41 Updates, python-jinja2 Security Fix, template engine security, sandbox protection, security advisory. Severity: Critical. LinuxSecurity.com Team

Mar 11, 2025 Critical Fedora

Fedora 40: python-jinja2 3.1.5 security advisory for CVE-2024-56201

Update to 3.1.5 Security fix for CVE-2024-56201. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-6ed1e0c3c6 2025-01-22 01:48:50.175539+00:00 -------------------------------------------------------------------------------- Name : python-jinja2 Product : Fedora 40 Version : 3.1.5 Release : 1.fc40 URL : https://palletsprojects.com/projects/jinja/ Summary : General purpose template engine Description : Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with Jinja2. It's both designer and developer friendly by sticking to Python's principles and adding functionality useful for templating environments. -------------------------------------------------------------------------------- Update Information: Update to 3.1.5 Security fix for CVE-2024-56201 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 8 2025 Miro Hrončok - 3.1.5-1 - Update to 3.1.5 - Security fix for CVE-2024-56201 - Fixes: rhzb#2333688 - Fixes: rhzb#2336377 * Fri Jul 19 2024 Fedora Release Engineering - 3.1.4-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Sat Jun 8 2024 Python Maint - 3.1.4-4 - Rebuilt for Python 3.13 * Fri Jun 7 2024 Python Maint - 3.1.4-3 - Bootstrap for Python 3.13 * Thu May 23 2024 Miro Hrončok - 3.1.4-2 - Python 3.13 fixes - Fixes: rhzb#2245265 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2333854 - CVE-2024-56201 jinja2: Jinja has a sandbox breakout through malicious filenames https://bugzilla.redhat.com/show_bug.cgi?id=2333854 -------------------------------------------------------------------------------- This update can be installed with the
"dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6ed1e0c3c6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- Fedora 40 users should note a vital update for python-jinja2 has been issued to fix a major security flaw associated with CVE-2024-56201. Act now to secure your systems! Fedora, Python Jinja2, Security Update, Template Engine, CVE Fix. Severity: Important. LinuxSecurity.com Team

Jan 22, 2025 Important Fedora

Fedora 41: FEDORA-2025-7b6e208ef2 moderate: python-jinja2 sandbox issue

Update to 3.1.5 Security fix for CVE-2024-56201. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-7b6e208ef2 2025-01-12 01:37:12.378777+00:00 -------------------------------------------------------------------------------- Name : python-jinja2 Product : Fedora 41 Version : 3.1.5 Release : 1.fc41 URL : https://palletsprojects.com/projects/jinja/ Summary : General purpose template engine Description : Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with Jinja2. It's both designer and developer friendly by sticking to Python's principles and adding functionality useful for templating environments. -------------------------------------------------------------------------------- Update Information: Update to 3.1.5 Security fix for CVE-2024-56201 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 8 2025 Miro Hrončok - 3.1.5-1 - Update to 3.1.5 - Security fix for CVE-2024-56201 - Fixes: rhzb#2333688 - Fixes: rhzb#2336377 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2333854 - CVE-2024-56201 jinja2: Jinja has a sandbox breakout through malicious filenames https://bugzilla.redhat.com/show_bug.cgi?id=2333854 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7b6e208ef2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. 
More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- Patch released for python-jinja2 on Fedora 41 targeting a sandbox escape vulnerability. Upgrade to version 3.1.5 is now accessible. Fedora Updates, python-jinja2 security, template engine fix, sandbox breakout, security advisory. LinuxSecurity.com Team

Jan 12, 2025 Fedora

Debian Bookworm DSA-5771-1: Critical Php-Twig Sandbox Bypass Fix

Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could be bypassed. For the stable distribution (bookworm), this problem has been fixed in . - ------------------------------------------------------------------------- Debian Security Advisory DSA-5771-1 https://www.debian.org/security/ Moritz Muehlenhoff September 17, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php-twig CVE ID : CVE-2024-45411 Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could be bypassed. For the stable distribution (bookworm), this problem has been fixed in version 3.5.1-1+deb12u1. We recommend that you upgrade your php-twig packages. For the detailed security status of php-twig please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/php-twig Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ A critical PHP-Twig vulnerability prior to version 3.3.0 allows sandbox bypass, risking unauthorized data access and remote code execution threats. php-twig security, debian updates, sandbox issue, template engine security. Severity: Critical. LinuxSecurity.com Team

Sep 17, 2024 Critical Debian

Rocky Linux: RLSA-2024:4232 Important Update for Python Jinja2 Security

Moderate: python-jinja2 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:4231", "synopsis": "Moderate: python-jinja2 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for python-jinja2.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. \n\nSecurity Fix(es):\n\n* jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2279476", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2279476", "description": ""}], "cves": [{"name": "CVE-2024-34064", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-34064", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "cvss3BaseScore": "5.4", "cwe": "CWE-79"}], "references": [], "publishedAt": "2024-07-15T12:17:49.133583Z", "rpms": {"Rocky Linux 8": {"nvras": ["python3-jinja2-0:2.10.1-5.el8_10.noarch.rpm", "python-jinja2-0:2.10.1-5.el8_10.src.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. The recent update for python-jinja2 in Rocky Linux improves security measures and addresses vulnerabilities associated with non-attribute characters.. Rocky Linux,RLSA-2024:4231,python-jinja2,security update. . Severity: Important. LinuxSecurity.com Team

Jul 15, 2024 Important Rocky Linux

Fedora 39: FEDORA-2024-702b7d51a3 Critical: XSS Flaw in django-templates

Security fix for CVE-2024-22195. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-604e4c3509 2024-01-27 02:11:29.806432 -------------------------------------------------------------------------------- Name : python-jinja2 Product : Fedora 38 Version : 3.1.3 Release : 1.fc38 URL : https://palletsprojects.com/projects/jinja/ Summary : General purpose template engine Description : Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. If you have any exposure to other text-based template languages, such as Smarty or Django, you should feel right at home with Jinja2. It's both designer and developer friendly by sticking to Python's principles and adding functionality useful for templating environments. -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2024-22195 -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 11 2024 Michel Lind - 3.1.3-1 - Update to 3.1.3 to fix CVE-2024-22195 * Tue Aug 8 2023 Karolina Surma - 3.1.2-6 - Declare the license as an SPDX expression * Fri Jul 21 2023 Fedora Release Engineering - 3.1.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Fri Jun 16 2023 Python Maint - 3.1.2-4 - Rebuilt for Python 3.12 * Tue Jun 13 2023 Python Maint - 3.1.2-3 - Bootstrap for Python 3.12 * Fri May 19 2023 Yaakov Selkowitz - 3.1.2-2 - Disable docs by default in RHEL builds * Mon May 1 2023 Sandro Mani - 3.1.2-1 - Update to 3.1.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2257854 - CVE-2024-22195 jinja2: HTML attribute injection when passing user input as keys to xmlattr filter https://bugzilla.redhat.com/show_bug.cgi?id=2257854 
-------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-604e4c3509' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- Fedora 38 rolls out an essential security update for python-jinja2, tackling severe vulnerabilities related to HTML attribute injection. Fedora Security Update, python-jinja2 Patch, HTML Injection Fix. Severity: Critical. LinuxSecurity.com Team

Jan 27, 2024 Critical Fedora