USN-4011-2: Jinja2 vulnerabilities
6 June 2019
Several security issues were fixed in Jinja2.
Releases
Packages
- jinja2 - small but fast and easy to use stand-alone template engine
Details
USN-4011-1 fixed several vulnerabilities in Jinja2. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Olivier Dony discovered that Jinja incorrectly handled str.format. An
attacker could possibly use this issue to escape the sandbox.
(CVE-2016-10745)
Brian Welch discovered that Jinja incorrectly handled str.format_map. An
attacker could possibly use this issue to escape the sandbox.
(CVE-2019-10906)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04
Ubuntu 12.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-4011-1: jinja2, python-jinja2, python-jinja2-doc, python3-jinja2