- Vulnerability/
- USN-4011-1
USN-4011-1: Jinja2 vulnerabilities
First published: Thu Jun 06 2019(Updated: )
Olivier Dony discovered that Jinja incorrectly handled str.format. An attacker could possibly use this issue to escape the sandbox. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10745) Brian Welch discovered that Jinja incorrectly handled str.format_map. An attacker could possibly use this issue to escape the sandbox. (CVE-2019-10906)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/python-jinja2 | <2.10-1ubuntu0.19.04.1 | 2.10-1ubuntu0.19.04.1 |
| =19.04 | ||
| All of | ||
| ubuntu/python3-jinja2 | <2.10-1ubuntu0.19.04.1 | 2.10-1ubuntu0.19.04.1 |
| =19.04 | ||
| All of | ||
| ubuntu/python-jinja2 | <2.10-1ubuntu0.18.10.1 | 2.10-1ubuntu0.18.10.1 |
| =18.10 | ||
| All of | ||
| ubuntu/python3-jinja2 | <2.10-1ubuntu0.18.10.1 | 2.10-1ubuntu0.18.10.1 |
| =18.10 | ||
| All of | ||
| ubuntu/python-jinja2 | <2.10-1ubuntu0.18.04.1 | 2.10-1ubuntu0.18.04.1 |
| =18.04 | ||
| All of | ||
| ubuntu/python3-jinja2 | <2.10-1ubuntu0.18.04.1 | 2.10-1ubuntu0.18.04.1 |
| =18.04 | ||
| All of | ||
| ubuntu/python-jinja2 | <2.8-1ubuntu0.1 | 2.8-1ubuntu0.1 |
| =16.04 | ||
| All of | ||
| ubuntu/python3-jinja2 | <2.8-1ubuntu0.1 | 2.8-1ubuntu0.1 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2016-10745
- https://ubuntu.com/security/CVE-2019-10906
- https://ubuntu.com/security/notices/USN-4011-2
- https://launchpad.net/ubuntu/+source/jinja2/2.10-1ubuntu0.19.04.1
- https://launchpad.net/ubuntu/+source/jinja2/2.10-1ubuntu0.18.10.1
- https://launchpad.net/ubuntu/+source/jinja2/2.10-1ubuntu0.18.04.1
- https://launchpad.net/ubuntu/+source/jinja2/2.8-1ubuntu0.1
- https://ubuntu.com/security/notices/USN-4011-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this security notice?
The vulnerability ID for this security notice is USN-4011-1.
What is the severity level of this vulnerability?
The severity level of this vulnerability is not mentioned.
What is the description of this vulnerability?
The vulnerability is related to Jinja2 and it incorrectly handles str.format and str.format_map, which could allow an attacker to escape the sandbox.
Which versions of Ubuntu are affected by this vulnerability?
This vulnerability only affects Ubuntu 16.04 LTS, Ubuntu 18.04, and Ubuntu 19.04.
How can I fix this vulnerability?
To fix this vulnerability, update the python-jinja2 and python3-jinja2 packages to version 2.10-1ubuntu0.19.04.1 for Ubuntu 19.04, version 2.10-1ubuntu0.18.10.1 for Ubuntu 18.10, version 2.10-1ubuntu0.18.04.1 for Ubuntu 18.04, and version 2.8-1ubuntu0.1 for Ubuntu 16.04.
- agent/severity
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/title
- agent/tags
- agent/description
- agent/event
- collector/usn
- source/Ubuntu
- anchor-related/USN-4011-2
- agent/software-canonical-lookup
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/19.04
- version/ubuntu ubuntu/18.10
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04