QSN-4011-1: jinja2 vulnerabilities

June 6, 2019

Summary

Several security issues were fixed in Jinja2.

Details

Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10745)

Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox. (CVE-2019-10906)

References

https://usn.ubuntu.com/4011-1

http://people.canonical.com/~ubuntu-security/cve/CVE-2016-10745

http://people.canonical.com/~ubuntu-security/cve/CVE-2019-10906

Update

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l python-jinja2

If the current version you have is before 2.8-1ubuntu0.1, run the following:

$ sudo apt-get update
$ sudo apt-get install python-jinja2

A general update will usually fix all issues, but to make sure, you can check your current version with:

$ dpkg -l python3-jinja2

If the current version you have is before 2.8-1ubuntu0.1, run the following:

$ sudo apt-get update
$ sudo apt-get install python3-jinja2
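The version check from the update steps above, done programmatically as an added example (not part of the advisory): parse `dpkg -l` output and order the installed version against 2.8-1ubuntu0.1 with the Debian version algorithm (epoch, upstream, revision, with `~` sorting lowest), which is what `dpkg --compare-versions` does and which a plain string comparison gets wrong for versions such as 2.10.1-1 or 2.8~rc1-1. The dpkg output below is a constructed sample.

```python
import re

FIXED_VERSION = "2.8-1ubuntu0.1"  # fixed version named in the advisory
# Constructed sample of `dpkg -l python-jinja2` output (not from a real host).
SAMPLE_DPKG_OUTPUT = """\
||/ Name           Version      Architecture Description
ii  python-jinja2  2.8-1        all          small but fast template engine
"""

def _order(c):
    # dpkg character ranking: '~' < end of string (0) < letters < punctuation
    return -1 if c == "~" else (ord(c) if c.isalpha() else ord(c) + 256)

def _cmp_fragment(a, b):
    # dpkg's alternating non-digit / digit comparison of one version fragment
    while a or b:
        sa, sb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(sa):], b[len(sb):]
        for i in range(max(len(sa), len(sb))):
            x = _order(sa[i]) if i < len(sa) else 0
            y = _order(sb[i]) if i < len(sb) else 0
            if x != y:
                return (x > y) - (x < y)
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return (na > nb) - (na < nb)
    return 0

def _split(v):
    # 'epoch:upstream-revision'; epoch defaults to 0, revision to ''
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Order two Debian versions like `dpkg --compare-versions`: -1, 0 or 1."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def installed_version(dpkg_output, package):
    """Version of `package` from an 'ii' line of `dpkg -l` output, or None."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return next((r[2] for r in rows if len(r) >= 3 and r[:2] == ["ii", package]), None)

def needs_update(dpkg_output, package, fixed=FIXED_VERSION):
    """True when `package` is installed at a version older than the fix."""
    v = installed_version(dpkg_output, package)
    return v is not None and compare_versions(v, fixed) < 0
```

To check a real host, feed the actual output of `dpkg -l python-jinja2` or `dpkg -l python3-jinja2` to needs_update in place of the sample.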

Copyright © 2010-2015, OSNEXUS Corporation. All rights reserved.