Advisories ยป MGASA-2014-0028

Updated python-jinja2 package fixes two security vulnerabilities

Publication date: 24 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-1402


Updated python-jinja2 packages fix security vulnerability:

Jinja2, a template engine written in pure python, was found to use /tmp 
as a default directory for jinja2.bccache.FileSystemBytecodeCache, which 
is insecure because the /tmp directory is world-writable and the 
filenames used like 'FileSystemBytecodeCache' are often predictable. A 
malicious user could exploit this bug to execute arbitrary code as 
another user. (CVE-2014-1402)