Gentoo Linux Security Advisory 201408-13 - Multiple vulnerabilities have been found in Jinja2, allowing local attackers to escalate their privileges. Versions less than 2.7.3 are affected.
45f5f1798920b592c6c3fbfb7e03ae46684a6d440f2f5afdd03f111a7ff058f6Ubuntu Security Notice 2301-1 - It was discovered that Jinja2 incorrectly handled temporary cache files and directories. A local attacker could use this issue to possibly gain privileges.
3a91ff5ebd149d7e0aab5ae4a428957385901e2a8fa50facfe13ef486970061aRed Hat Security Advisory 2014-0748-01 - Jinja2 is a template engine written in pure Python. It provides a Django-inspired, non-XML syntax but supports inline expressions and an optional sandboxed environment. It was discovered that Jinja2 did not properly handle bytecode cache files stored in the system's temporary directory. A local attacker could use this flaw to alter the output of an application using Jinja2 and FileSystemBytecodeCache, and potentially execute arbitrary code with the privileges of that application. All Jinja2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications using Jinja2 must be restarted.
41b87145f59f03dd674367516a968f2e87fc6aac2fb28885597f14cda1723d86Red Hat Security Advisory 2014-0747-01 - Jinja2 is a template engine written in pure Python. It provides a Django-inspired, non-XML syntax but supports inline expressions and an optional sandboxed environment. It was discovered that Jinja2 did not properly handle bytecode cache files stored in the system's temporary directory. A local attacker could use this flaw to alter the output of an application using Jinja2 and FileSystemBytecodeCache, and potentially execute arbitrary code with the privileges of that application. All python-jinja2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications using python-jinja2 must be restarted.
88953f562e5aade5e188e2e266cafb435bf8892b046ab5fa8f31b1e26eb81a91Mandriva Linux Security Advisory 2014-096 - Jinja2, a template engine written in pure python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like 'FileSystemBytecodeCache' are often predictable. A malicious user could exploit this bug to execute arbitrary code as another user.
44d1301723529558867f49387a9bf314f26c0cfebb92615d2c4d9e985a3c2f81
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed