USN-4011-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-4011-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4011-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-4011-1

Related

Published

2019-06-06T11:14:04.967449Z

Modified

2019-06-06T11:14:04.967449Z

Summary

jinja2 vulnerabilities

Details

Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10745)

Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox. (CVE-2019-10906)

References

Affected packages

Ubuntu:16.04:LTS / jinja2

Package

Name: jinja2
Purl: pkg:deb/ubuntu/jinja2@2.8-1ubuntu0.1?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8-1ubuntu0.1

Affected versions

2.*

2.8-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "python3-jinja2": "2.8-1ubuntu0.1",
            "python-jinja2": "2.8-1ubuntu0.1",
            "python-jinja2-doc": "2.8-1ubuntu0.1"
        }
    ]
}

Ubuntu:18.04:LTS / jinja2

Package

Name: jinja2
Purl: pkg:deb/ubuntu/jinja2@2.10-1ubuntu0.18.04.1?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10-1ubuntu0.18.04.1

Affected versions

2.*

2.9.6-1

2.10-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "python3-jinja2": "2.10-1ubuntu0.18.04.1",
            "python-jinja2": "2.10-1ubuntu0.18.04.1",
            "python-jinja2-doc": "2.10-1ubuntu0.18.04.1"
        }
    ]
}