MGASA-2014-0028
- Source
- https://advisories.mageia.org/MGASA-2014-0028.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0028.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2014-0028
- Related
- Published
- 2014-01-24T21:04:09Z
- Modified
- 2014-01-24T21:04:05Z
- Summary
- Updated python-jinja2 package fixes two security vulnerabilities
- Details
-
Updated python-jinja2 packages fix security vulnerability:
Jinja2, a template engine written in pure python, was found to use /tmp as a default directory for jinja2.bccache.FileSystemBytecodeCache, which is insecure because the /tmp directory is world-writable and the filenames used like 'FileSystemBytecodeCache' are often predictable. A malicious user could exploit this bug to execute arbitrary code as another user. (CVE-2014-1402)
- References
-
- https://advisories.mageia.org/MGASA-2014-0028.html
- http://openwall.com/lists/oss-security/2014/01/10/2
- http://openwall.com/lists/oss-security/2014/01/10/3
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747
- https://bugzilla.redhat.com/show_bug.cgi?id=1051421
- https://bugs.mageia.org/show_bug.cgi?id=12265
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:3 / python-jinja2
Package
- Name
- python-jinja2
- Purl
- pkg:rpm/mageia/python-jinja2?distro=mageia-3