csaf_redhat - rhsa-2014:0747

rhsa-2014:0747

Vulnerability from csaf_redhat

Published

2014-06-11 17:13

Modified

2025-08-02 00:11

Summary

Red Hat Security Advisory: python-jinja2 security update

Notes

Topic

Updated python-jinja2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

Jinja2 is a template engine written in pure Python. It provides a Django-inspired, non-XML syntax but supports inline expressions and an optional sandboxed environment. It was discovered that Jinja2 did not properly handle bytecode cache files stored in the system's temporary directory. A local attacker could use this flaw to alter the output of an application using Jinja2 and FileSystemBytecodeCache, and potentially execute arbitrary code with the privileges of that application. (CVE-2014-1402) All python-jinja2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications using python-jinja2 must be restarted.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated python-jinja2 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Jinja2 is a template engine written in pure Python. It provides a\nDjango-inspired, non-XML syntax but supports inline expressions and an\noptional sandboxed environment.\n\nIt was discovered that Jinja2 did not properly handle bytecode cache files\nstored in the system\u0027s temporary directory. A local attacker could use this\nflaw to alter the output of an application using Jinja2 and\nFileSystemBytecodeCache, and potentially execute arbitrary code with the\nprivileges of that application. (CVE-2014-1402)\n\nAll python-jinja2 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. For the update to\ntake effect, all applications using python-jinja2 must be restarted.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0747",
        "url": "https://access.redhat.com/errata/RHSA-2014:0747"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1051421",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051421"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0747.json"
      }
    ],
    "title": "Red Hat Security Advisory: python-jinja2 security update",
    "tracking": {
      "current_release_date": "2025-08-02T00:11:31+00:00",
      "generator": {
        "date": "2025-08-02T00:11:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2014:0747",
      "initial_release_date": "2014-06-11T17:13:32+00:00",
      "revision_history": [
        {
          "date": "2014-06-11T17:13:32+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-06-11T17:13:32+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-02T00:11:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Optional (v. 6)",
                  "product_id": "6Client-optional-6.5.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux HPC Node Optional (v. 6)",
                  "product_id": "6ComputeNode-optional-6.5.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::computenode"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Optional (v. 6)",
                  "product_id": "6Server-optional-6.5.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Optional (v. 6)",
                  "product_id": "6Workstation-optional-6.5.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
                "product": {
                  "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
                  "product_id": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-jinja2-debuginfo@2.2.1-2.el6_5?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-jinja2-0:2.2.1-2.el6_5.i686",
                "product": {
                  "name": "python-jinja2-0:2.2.1-2.el6_5.i686",
                  "product_id": "python-jinja2-0:2.2.1-2.el6_5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-jinja2@2.2.1-2.el6_5?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
                "product": {
                  "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
                  "product_id": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-jinja2-debuginfo@2.2.1-2.el6_5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-jinja2-0:2.2.1-2.el6_5.x86_64",
                "product": {
                  "name": "python-jinja2-0:2.2.1-2.el6_5.x86_64",
                  "product_id": "python-jinja2-0:2.2.1-2.el6_5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-jinja2@2.2.1-2.el6_5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-jinja2-0:2.2.1-2.el6_5.src",
                "product": {
                  "name": "python-jinja2-0:2.2.1-2.el6_5.src",
                  "product_id": "python-jinja2-0:2.2.1-2.el6_5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-jinja2@2.2.1-2.el6_5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
                "product": {
                  "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
                  "product_id": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-jinja2-debuginfo@2.2.1-2.el6_5?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-jinja2-0:2.2.1-2.el6_5.s390x",
                "product": {
                  "name": "python-jinja2-0:2.2.1-2.el6_5.s390x",
                  "product_id": "python-jinja2-0:2.2.1-2.el6_5.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-jinja2@2.2.1-2.el6_5?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
                "product": {
                  "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
                  "product_id": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-jinja2-debuginfo@2.2.1-2.el6_5?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-jinja2-0:2.2.1-2.el6_5.ppc64",
                "product": {
                  "name": "python-jinja2-0:2.2.1-2.el6_5.ppc64",
                  "product_id": "python-jinja2-0:2.2.1-2.el6_5.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-jinja2@2.2.1-2.el6_5?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.i686",
        "relates_to_product_reference": "6Client-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.ppc64",
        "relates_to_product_reference": "6Client-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.s390x",
        "relates_to_product_reference": "6Client-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.src as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.src",
        "relates_to_product_reference": "6Client-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.x86_64",
        "relates_to_product_reference": "6Client-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
        "relates_to_product_reference": "6Client-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
        "relates_to_product_reference": "6Client-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
        "relates_to_product_reference": "6Client-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6)",
          "product_id": "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
        "relates_to_product_reference": "6Client-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.i686",
        "relates_to_product_reference": "6ComputeNode-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.ppc64",
        "relates_to_product_reference": "6ComputeNode-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.s390x",
        "relates_to_product_reference": "6ComputeNode-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.src as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.src",
        "relates_to_product_reference": "6ComputeNode-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.x86_64",
        "relates_to_product_reference": "6ComputeNode-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
        "relates_to_product_reference": "6ComputeNode-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
        "relates_to_product_reference": "6ComputeNode-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
        "relates_to_product_reference": "6ComputeNode-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6)",
          "product_id": "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
        "relates_to_product_reference": "6ComputeNode-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.i686",
        "relates_to_product_reference": "6Server-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.ppc64",
        "relates_to_product_reference": "6Server-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.s390x",
        "relates_to_product_reference": "6Server-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.src",
        "relates_to_product_reference": "6Server-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.x86_64",
        "relates_to_product_reference": "6Server-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
        "relates_to_product_reference": "6Server-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
        "relates_to_product_reference": "6Server-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
        "relates_to_product_reference": "6Server-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
          "product_id": "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
        "relates_to_product_reference": "6Server-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.i686",
        "relates_to_product_reference": "6Workstation-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.ppc64",
        "relates_to_product_reference": "6Workstation-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.s390x",
        "relates_to_product_reference": "6Workstation-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.src",
        "relates_to_product_reference": "6Workstation-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-0:2.2.1-2.el6_5.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64"
        },
        "product_reference": "python-jinja2-0:2.2.1-2.el6_5.x86_64",
        "relates_to_product_reference": "6Workstation-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
        "relates_to_product_reference": "6Workstation-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
        "relates_to_product_reference": "6Workstation-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
        "relates_to_product_reference": "6Workstation-optional-6.5.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6)",
          "product_id": "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64"
        },
        "product_reference": "python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
        "relates_to_product_reference": "6Workstation-optional-6.5.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-1402",
      "cwe": {
        "id": "CWE-377",
        "name": "Insecure Temporary File"
      },
      "discovery_date": "2014-01-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1051421"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python-jinja2: FileSystemBytecodeCache insecure cache temporary file use",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
          "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
          "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
          "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
          "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
          "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
          "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
          "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
          "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
          "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
          "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
          "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
          "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
          "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
          "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
          "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
          "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
          "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
          "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
          "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
          "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
          "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
          "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
          "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
          "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
          "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
          "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
          "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
          "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
          "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
          "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
          "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
          "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
          "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
          "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
          "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-1402"
        },
        {
          "category": "external",
          "summary": "RHBZ#1051421",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051421"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-1402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-1402"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-1402",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1402"
        }
      ],
      "release_date": "2014-01-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2014-06-11T17:13:32+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
            "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
            "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
            "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
            "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
            "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
            "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
            "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
            "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
            "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
            "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
            "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
            "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
            "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
            "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
            "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
            "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
            "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
            "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
            "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
            "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
            "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
            "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
            "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
            "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
            "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
            "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
            "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
            "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
            "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
            "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
            "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
            "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
            "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
            "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
            "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0747"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
            "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
            "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
            "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
            "6Client-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
            "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
            "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
            "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
            "6Client-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
            "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
            "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
            "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
            "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
            "6ComputeNode-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
            "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
            "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
            "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
            "6ComputeNode-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
            "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
            "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
            "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
            "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
            "6Server-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
            "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
            "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
            "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
            "6Server-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64",
            "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.i686",
            "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.ppc64",
            "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.s390x",
            "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.src",
            "6Workstation-optional-6.5.z:python-jinja2-0:2.2.1-2.el6_5.x86_64",
            "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.i686",
            "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.ppc64",
            "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.s390x",
            "6Workstation-optional-6.5.z:python-jinja2-debuginfo-0:2.2.1-2.el6_5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python-jinja2: FileSystemBytecodeCache insecure cache temporary file use"
    }
  ]
}

CVE-2014-1402 (GCVE-0-2014-1402)

Vulnerability from cvelistv5

Published

2014-05-19 14:00

Modified

2024-08-06 09:42

Severity ?

CWE

Summary

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.

References

►

URL

Tags

	https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html	mailing-list, x_refsource_MLIST
	http://openwall.com/lists/oss-security/2014/01/10/3	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/59017	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/56287	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2014:096	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/58783	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/58918	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/60738	third-party-advisory, x_refsource_SECUNIA
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1051421	x_refsource_CONFIRM
	http://secunia.com/advisories/60770	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2014-0747.html	vendor-advisory, x_refsource_REDHAT
	http://jinja.pocoo.org/docs/changelog/	x_refsource_CONFIRM
	http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml	vendor-advisory, x_refsource_GENTOO
	http://openwall.com/lists/oss-security/2014/01/10/2	mailing-list, x_refsource_MLIST
	http://advisories.mageia.org/MGASA-2014-0028.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2014-0748.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website