Описание
Security update for python-Jinja2
The python-Jinja2 package was updated to version 2.7.3 to fix a security issues and some build problems.
The following vulnerabilities were fixed:
- Update to 2.7.3 (bnc#858239, CVE-2014-0012)
- Security issue: Corrected the security fix for the cache folder.
This fix was provided by RedHat.
- Security issue: Corrected the security fix for the cache folder.
The following build issues were fixed:
- run testsuite during build
- adjust dependency to use up to date package name for python-MarkupSafe
- fix package build (file selection missing)
Список пакетов
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
python-Jinja2-2.7.3-4.1
SUSE Enterprise Storage 1.0
python-Jinja2-2.7.3-4.1
Ссылки
- Link for SUSE-SU-2015:1336-1
- E-Mail link for SUSE-SU-2015:1336-1
- SUSE Security Ratings
- SUSE Bug 858239
- SUSE CVE CVE-2014-0012 page
Описание
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.
Затронутые продукты
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5:python-Jinja2-2.7.3-4.1
SUSE Enterprise Storage 1.0:python-Jinja2-2.7.3-4.1
Ссылки
- CVE-2014-0012
- SUSE Bug 858239