USN-6599-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-6599-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6599-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6599-1

Related

Published

2024-01-25T16:06:46.180532Z

Modified

2024-01-25T16:06:46.180532Z

Summary

jinja2 vulnerabilities

Details

Yeting Li discovered that Jinja incorrectly handled certain regex. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-28493)

It was discovered that Jinja incorrectly handled certain HTML passed with xmlatter filter. An attacker could inject arbitrary HTML attributes keys and values potentially leading to XSS. (CVE-2024-22195)

References

Affected packages

Ubuntu:Pro:14.04:LTS / jinja2

Package

Name: jinja2
Purl: pkg:deb/ubuntu/jinja2@2.7.2-2ubuntu0.1~esm2?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.2-2ubuntu0.1~esm2

Affected versions

2.*

2.7-3

2.7.1-1

2.7.2-1

2.7.2-2

2.7.2-2ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "python3-jinja2": "2.7.2-2ubuntu0.1~esm2",
            "python-jinja2": "2.7.2-2ubuntu0.1~esm2",
            "python-jinja2-doc": "2.7.2-2ubuntu0.1~esm2"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / jinja2

Package

Name: jinja2
Purl: pkg:deb/ubuntu/jinja2@2.8-1ubuntu0.1+esm2?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8-1ubuntu0.1+esm2

Affected versions

2.*

2.8-1

2.8-1ubuntu0.1

2.8-1ubuntu0.1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "python3-jinja2": "2.8-1ubuntu0.1+esm2",
            "python-jinja2": "2.8-1ubuntu0.1+esm2",
            "python-jinja2-doc": "2.8-1ubuntu0.1+esm2"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / jinja2

Package

Name: jinja2
Purl: pkg:deb/ubuntu/jinja2@2.10-1ubuntu0.18.04.1+esm1?arch=src?distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10-1ubuntu0.18.04.1+esm1

Affected versions

2.*

2.9.6-1

2.10-1

2.10-1ubuntu0.18.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "python3-jinja2": "2.10-1ubuntu0.18.04.1+esm1",
            "python-jinja2": "2.10-1ubuntu0.18.04.1+esm1",
            "python-jinja2-doc": "2.10-1ubuntu0.18.04.1+esm1"
        }
    ]
}

Ubuntu:20.04:LTS / jinja2

Package

Name: jinja2
Purl: pkg:deb/ubuntu/jinja2@2.10.1-2ubuntu0.2?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.1-2ubuntu0.2

Affected versions

2.*

2.10-2ubuntu1

2.10-2ubuntu2

2.10.1-1ubuntu1

2.10.1-2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "python3-jinja2": "2.10.1-2ubuntu0.2",
            "python-jinja2": "2.10.1-2ubuntu0.2",
            "python-jinja2-doc": "2.10.1-2ubuntu0.2"
        }
    ]
}

Ubuntu:22.04:LTS / jinja2

Package

Name: jinja2
Purl: pkg:deb/ubuntu/jinja2@3.0.3-1ubuntu0.1?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.3-1ubuntu0.1

Affected versions

2.*

2.11.3-1

3.*

3.0.1-2

3.0.3-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "python3-jinja2": "3.0.3-1ubuntu0.1",
            "python-jinja2-doc": "3.0.3-1ubuntu0.1"
        }
    ]
}

Ubuntu:23.10 / jinja2

Package

Name: jinja2
Purl: pkg:deb/ubuntu/jinja2@3.1.2-1ubuntu0.23.10.1?arch=src?distro=mantic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-1ubuntu0.23.10.1

Affected versions

3.*

3.1.2-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "python3-jinja2": "3.1.2-1ubuntu0.23.10.1",
            "python-jinja2-doc": "3.1.2-1ubuntu0.23.10.1"
        }
    ]
}