SCIENTIFIC-LINUX-ERRATA Archives

June 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Date: Wed, 11 Jun 2014 20:07:11 +0000

Synopsis:          Moderate: python-jinja2 security update
Advisory ID:       SLSA-2014:0747-1
Issue Date:        2014-06-11
CVE Numbers:       CVE-2014-1402
--

It was discovered that Jinja2 did not properly handle bytecode cache files
stored in the system's temporary directory. A local attacker could use
this flaw to alter the output of an application using Jinja2 and
FileSystemBytecodeCache, and potentially execute arbitrary code with the
privileges of that application. (CVE-2014-1402)

For the update to take effect, all applications using python-jinja2 must
be restarted.
--

SL6
  x86_64
    python-jinja2-2.2.1-2.el6_5.x86_64.rpm
    python-jinja2-debuginfo-2.2.1-2.el6_5.x86_64.rpm
  i386
    python-jinja2-2.2.1-2.el6_5.i686.rpm
    python-jinja2-debuginfo-2.2.1-2.el6_5.i686.rpm

- Scientific Linux Development Team
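
Added example (not part of the advisory, and not Jinja2's or Scientific Linux's own code): one way an application using FileSystemBytecodeCache can keep its cache out of a shared temporary directory, by creating a per-user 0700 directory and verifying ownership and permissions before handing it to Jinja2. The function names and the `jinja2-cache` directory prefix are assumptions made for this example.

```python
import os
import stat


def check_private_dir(path):
    """Return a list of reasons why `path` is unsafe as a bytecode cache dir."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted by another user
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["is not a directory"]
    problems = []
    if st.st_uid != os.getuid():
        problems.append("owned by uid %d, not by this process" % st.st_uid)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("accessible to group/other (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    return problems


def private_cache_dir(base, name="jinja2-cache"):
    """Create (or reuse) a 0700 per-user directory under `base`; refuse unsafe ones."""
    path = os.path.join(base, "%s-%d" % (name, os.getuid()))  # assumed naming
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # may have been pre-created by someone else: verified below
    problems = check_private_dir(path)
    if problems:
        raise RuntimeError("refusing cache dir %s: %s" % (path, "; ".join(problems)))
    return path


def build_environment(template_dir, cache_base):
    """Jinja2 environment whose bytecode cache lives in a verified private dir."""
    import jinja2  # imported lazily so the checks above work without Jinja2
    cache = jinja2.FileSystemBytecodeCache(private_cache_dir(cache_base))
    return jinja2.Environment(loader=jinja2.FileSystemLoader(template_dir),
                              bytecode_cache=cache)
```

Calling `build_environment` with an application-owned `cache_base` (rather than the system temporary directory) avoids relying on the library's default cache location at all.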
