Synopsis:          Moderate: python-jinja2 security update
Advisory ID:       SLSA-2014:0747-1
Issue Date:        2014-06-11
CVE Numbers:       CVE-2014-1402
--

It was discovered that Jinja2 did not properly handle bytecode cache files
stored in the system's temporary directory. A local attacker could use
this flaw to alter the output of an application using Jinja2 and
FileSystemBytecodeCache, and potentially execute arbitrary code with the
privileges of that application. (CVE-2014-1402)

For the update to take effect, all applications using python-jinja2 must
be restarted.
--

SL6
  x86_64
    python-jinja2-2.2.1-2.el6_5.x86_64.rpm
    python-jinja2-debuginfo-2.2.1-2.el6_5.x86_64.rpm
  i386
    python-jinja2-2.2.1-2.el6_5.i686.rpm
    python-jinja2-debuginfo-2.2.1-2.el6_5.i686.rpm

- Scientific Linux Development Team