Vulnerability CVE-2014-1402: Information
Description
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
Severity: MEDIUM (4.4)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
python-module-jinja2 | p9 | 2.11.2-alt1 | 2.11.2-alt1 | ALT-PU-2020-3106-2 | 254838 | Fixed |
python3-module-jinja2 | p10 | 3.0.1-alt1.p10.1 | 3.0.1-alt1.p10.1 | ALT-PU-2024-3036-5 | 341197 | Fixed |