Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in python-Jinja2
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in python-Jinja2
ID: SUSE-SU-2020:3096-1
Distribution: SUSE
Plattformen: SUSE Linux Enterprise Module for Public Cloud 12, SUSE Linux Enterprise Module for Advanced Systems Management 12, SUSE Manager Tools 12
Datum: Do, 29. Oktober 2020, 22:38
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8341
Applikationen: Jinja2

Originalnachricht


SUSE Security Update: Security update for python-Jinja2
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:3096-1
Rating: important
References: #1125815 #1132323
Cross-References: CVE-2019-10906 CVE-2019-8341
Affected Products:
SUSE Manager Tools 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Module for Advanced Systems
Management 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for python-Jinja2 fixes the following issues:

- CVE-2019-10906: Fixed a sandbox escape due to information disclosure via
str.format (bsc#1132323).
- CVE-2019-8341: Fixed a command injection in function from_string
(bsc#1125815).


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12:

zypper in -t patch SUSE-SLE-Manager-Tools-12-2020-3096=1

- SUSE Linux Enterprise Module for Public Cloud 12:

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2020-3096=1

- SUSE Linux Enterprise Module for Advanced Systems Management 12:

zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2020-3096=1



Package List:

- SUSE Manager Tools 12 (noarch):

python-Jinja2-2.8-19.20.1
python3-Jinja2-2.8-19.20.1

- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

python-Jinja2-2.8-19.20.1
python3-Jinja2-2.8-19.20.1

- SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch):

python-Jinja2-2.8-19.20.1
python3-Jinja2-2.8-19.20.1


References:

https://www.suse.com/security/cve/CVE-2019-10906.html
https://www.suse.com/security/cve/CVE-2019-8341.html
https://bugzilla.suse.com/1125815
https://bugzilla.suse.com/1132323
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung