Synopsis: Moderate: python-jinja2 security update
Advisory ID: SLSA-2014:0747-1
Issue Date: 2014-06-11
CVE Numbers: CVE-2014-1402
—
It was discovered that Jinja2 did not properly handle bytecode cache files
stored in the system’s temporary directory. A local attacker could use
this flaw to alter the output of an application using Jinja2 and
FileSystemBytecodeCache, and potentially execute arbitrary code with the
privileges of that application. (CVE-2014-1402)
For the update to take effect, all applications using python-jinja2 must
be restarted.
—
SL6
x86_64
python-jinja2-2.2.1-2.el6_5.x86_64.rpm
python-jinja2-debuginfo-2.2.1-2.el6_5.x86_64.rpm
i386
python-jinja2-2.2.1-2.el6_5.i686.rpm
python-jinja2-debuginfo-2.2.1-2.el6_5.i686.rpm
– Scientific Linux Development Team
