
Security vulnerabilities in the jinja2 software package

  • OS details: LUB
  • Importance: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-2301-1
July 24, 2014

jinja2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

A security issue was fixed in Jinja2.

Software Description:
- jinja2: small but fast and easy to use stand-alone template engine

Details:

It was discovered that Jinja2 incorrectly handled temporary cache files and
directories. A local attacker could use this issue to possibly gain
privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
python-jinja2 2.6-1ubuntu0.1
python3-jinja2 2.6-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2301-1
CVE-2014-0012, CVE-2014-1402

Package Information:
https://launchpad.net/ubuntu/+source/jinja2/2.6-1ubuntu0.1


Author: Tomislav Protega
CERT ID: NCERT-REF-2014-07-0026-ADV
CVE: CVE-2014-0012 CVE-2014-1402
Source ID: USN-2301-1
Product: jinja2
Source: http://www.ubuntu.com