Advisories » MGASA-2019-0177

Updated python-jinja2 packages fix security vulnerability

Publication date: 18 May 2019
Modification date: 18 May 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2016-10745 , CVE-2019-10906

Description

Sandbox escape due to information disclosure via str.format
(CVE-2016-10745).
str.format_map allows sandbox escape (CVE-2019-10906).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24787
• https://access.redhat.com/errata/RHSA-2019:1022
• https://access.redhat.com/errata/RHSA-2019:1152
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10745
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10906

SRPMS

6/core

• python-jinja2-2.10.1-1.mga6