MGASA-2014-0028

Source
https://advisories.mageia.org/MGASA-2014-0028.html
Import Source
https://advisories.mageia.org/MGASA-2014-0028.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0028
Published
2014-01-24T21:04:09Z
Modified
2014-01-24T21:04:05Z
Summary
Updated python-jinja2 package fixes two security vulnerabilities
Details

Updated python-jinja2 packages fix security vulnerability:

Jinja2, a template engine written in pure Python, was found to use /tmp as the default directory for jinja2.bccache.FileSystemBytecodeCache. This is insecure because the /tmp directory is world-writable and the cache filenames used by FileSystemBytecodeCache are often predictable. A malicious user could exploit this bug to execute arbitrary code as another user. (CVE-2014-1402)
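
For applications that cannot rely on the default location, the cache directory can be passed to FileSystemBytecodeCache explicitly. The following is an added example, not code from the advisory or from Jinja2: private_cache_dir and make_environment are hypothetical helper names, and the base directory is assumed to be a per-user location that other accounts cannot write to.

```python
import os
import stat
import tempfile


def private_cache_dir(base, name="jinja2-bytecode"):
    """Create or validate a cache directory that only the current user can write.

    `base` and `name` are illustrative parameters, not Jinja2 settings.
    """
    path = os.path.join(base, name)
    try:
        os.mkdir(path, 0o700)          # fails with EEXIST even if a symlink sits here
    except FileExistsError:
        pass                           # pre-existing entry: trust it only after the checks
    st = os.lstat(path)                # lstat does not follow a planted symlink
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path} is not a real directory")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path} is group- or world-writable")
    return path


def make_environment(cache_dir):
    """Build a Jinja2 environment whose bytecode cache lives in `cache_dir`."""
    from jinja2 import DictLoader, Environment, FileSystemBytecodeCache
    return Environment(
        loader=DictLoader({"hello.txt": "Hello {{ name }}"}),  # constructed sample template
        # Explicit directory instead of the /tmp default
        bytecode_cache=FileSystemBytecodeCache(cache_dir),
    )


if __name__ == "__main__":
    base = tempfile.mkdtemp()          # stand-in for a per-user location such as ~/.cache
    print(private_cache_dir(base))
```

The ownership and mode checks only help when the base directory itself is not writable by other users; placing the cache under /tmp again would reintroduce the race.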


Affected packages

Mageia:3 / python-jinja2

Package

Name
python-jinja2
Purl
pkg:rpm/mageia/python-jinja2?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5.5-8.2.mga3

Ecosystem specific

{
    "section": "core"
}