Updated python-jinja2 packages that fix one security issue are nowavailable for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having Moderatesecurity impact. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available from the CVE link inthe References section.

Jinja2 is a template engine written in pure Python. It provides aDjango-inspired, non-XML syntax but supports inline expressions and anoptional sandboxed environment.It was discovered that Jinja2 did not properly handle bytecode cache filesstored in the system’s temporary directory. A local attacker could use thisflaw to alter the output of an application using Jinja2 andFileSystemBytecodeCache, and potentially execute arbitrary code with theprivileges of that application. (CVE-2014-1402)All python-jinja2 users are advised to upgrade to these updated packages,which contain a backported patch to correct this issue. For the update totake effect, all applications using python-jinja2 must be restarted.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.This update is available via the Red Hat Network. Details on how to use theRed Hat Network to apply this update are available athttps://access.redhat.com/site/articles/11258Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
python-jinja2-2.2.1-2.el6_5.src.rpm
    MD5: 865cf2bd34bdc108a5ee9135a9da3f44SHA-256: 8526d501a170d4728d45f0035bad597bbf66952c13a8ae527287f0c0ce1b96ce
 
IA-32:
python-jinja2-2.2.1-2.el6_5.i686.rpm
    MD5: 65b5a2bf14dd5d81ba530bbcffd1267aSHA-256: 079da0f48f7a643a2ea83913e3ac3ee98f5491a38fd9c5c2814e7cf295dcbd0e
python-jinja2-debuginfo-2.2.1-2.el6_5.i686.rpm
    MD5: ec411f776e4e9412171fed319c9ce864SHA-256: 2a37f1855a05a7face1003964d32f6c7319724322f87debba95fb52645b0b882
 
x86_64:
python-jinja2-2.2.1-2.el6_5.x86_64.rpm
    MD5: 3ccb40a56aa1f6ac9f57405c50c2d447SHA-256: c472b980521d4ee2e026fc4a626c771878ec15987cd55590c1046dcad612dab8
python-jinja2-debuginfo-2.2.1-2.el6_5.x86_64.rpm
    MD5: e92a05c559ab9b086f7e51f433cb473cSHA-256: 5c3b40a788696c8b3598cb92dce0c4a664cca8e90db2e02e7a5e8f5bf38545c8
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
python-jinja2-2.2.1-2.el6_5.src.rpm
    MD5: 865cf2bd34bdc108a5ee9135a9da3f44SHA-256: 8526d501a170d4728d45f0035bad597bbf66952c13a8ae527287f0c0ce1b96ce
 
x86_64:
python-jinja2-2.2.1-2.el6_5.x86_64.rpm
    MD5: 3ccb40a56aa1f6ac9f57405c50c2d447SHA-256: c472b980521d4ee2e026fc4a626c771878ec15987cd55590c1046dcad612dab8
python-jinja2-debuginfo-2.2.1-2.el6_5.x86_64.rpm
    MD5: e92a05c559ab9b086f7e51f433cb473cSHA-256: 5c3b40a788696c8b3598cb92dce0c4a664cca8e90db2e02e7a5e8f5bf38545c8
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
python-jinja2-2.2.1-2.el6_5.src.rpm
    MD5: 865cf2bd34bdc108a5ee9135a9da3f44SHA-256: 8526d501a170d4728d45f0035bad597bbf66952c13a8ae527287f0c0ce1b96ce
 
IA-32:
python-jinja2-2.2.1-2.el6_5.i686.rpm
    MD5: 65b5a2bf14dd5d81ba530bbcffd1267aSHA-256: 079da0f48f7a643a2ea83913e3ac3ee98f5491a38fd9c5c2814e7cf295dcbd0e
python-jinja2-debuginfo-2.2.1-2.el6_5.i686.rpm
    MD5: ec411f776e4e9412171fed319c9ce864SHA-256: 2a37f1855a05a7face1003964d32f6c7319724322f87debba95fb52645b0b882
 
PPC:
python-jinja2-2.2.1-2.el6_5.ppc64.rpm
    MD5: e87d4cf6ef5171aa49787fafb78cc06fSHA-256: 41ace63f028ed4d78ebc9aea0bee06d270db8e93c100ba045f125715a7c14f96
python-jinja2-debuginfo-2.2.1-2.el6_5.ppc64.rpm
    MD5: 4096309bd8c1b921a0a9a437e2aad437SHA-256: 811287c27614164785a94ce34053c91150e8ff288e091025ed41cf4f9f83a5eb
 
s390x:
python-jinja2-2.2.1-2.el6_5.s390x.rpm
    MD5: 11624f600f7bfd55a86fadd0b68232f9SHA-256: aa9db901fea4451d392669f9ac5f4aa45b32d70002548ce751c44ebdb52a0700
python-jinja2-debuginfo-2.2.1-2.el6_5.s390x.rpm
    MD5: c9519a0fe73d19993585f49498bcb187SHA-256: b8fd867e28dac5353a328ddea1f4613e76d6657121b231b7c4bbb3d80aabe3f2
 
x86_64:
python-jinja2-2.2.1-2.el6_5.x86_64.rpm
    MD5: 3ccb40a56aa1f6ac9f57405c50c2d447SHA-256: c472b980521d4ee2e026fc4a626c771878ec15987cd55590c1046dcad612dab8
python-jinja2-debuginfo-2.2.1-2.el6_5.x86_64.rpm
    MD5: e92a05c559ab9b086f7e51f433cb473cSHA-256: 5c3b40a788696c8b3598cb92dce0c4a664cca8e90db2e02e7a5e8f5bf38545c8
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
python-jinja2-2.2.1-2.el6_5.src.rpm
    MD5: 865cf2bd34bdc108a5ee9135a9da3f44SHA-256: 8526d501a170d4728d45f0035bad597bbf66952c13a8ae527287f0c0ce1b96ce
 
x86_64:
python-jinja2-2.2.1-2.el6_5.x86_64.rpm
    MD5: 3ccb40a56aa1f6ac9f57405c50c2d447SHA-256: c472b980521d4ee2e026fc4a626c771878ec15987cd55590c1046dcad612dab8
python-jinja2-debuginfo-2.2.1-2.el6_5.x86_64.rpm
    MD5: e92a05c559ab9b086f7e51f433cb473cSHA-256: 5c3b40a788696c8b3598cb92dce0c4a664cca8e90db2e02e7a5e8f5bf38545c8
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
python-jinja2-2.2.1-2.el6_5.src.rpm
    MD5: 865cf2bd34bdc108a5ee9135a9da3f44SHA-256: 8526d501a170d4728d45f0035bad597bbf66952c13a8ae527287f0c0ce1b96ce
 
IA-32:
python-jinja2-2.2.1-2.el6_5.i686.rpm
    MD5: 65b5a2bf14dd5d81ba530bbcffd1267aSHA-256: 079da0f48f7a643a2ea83913e3ac3ee98f5491a38fd9c5c2814e7cf295dcbd0e
python-jinja2-debuginfo-2.2.1-2.el6_5.i686.rpm
    MD5: ec411f776e4e9412171fed319c9ce864SHA-256: 2a37f1855a05a7face1003964d32f6c7319724322f87debba95fb52645b0b882
 
PPC:
python-jinja2-2.2.1-2.el6_5.ppc64.rpm
    MD5: e87d4cf6ef5171aa49787fafb78cc06fSHA-256: 41ace63f028ed4d78ebc9aea0bee06d270db8e93c100ba045f125715a7c14f96
python-jinja2-debuginfo-2.2.1-2.el6_5.ppc64.rpm
    MD5: 4096309bd8c1b921a0a9a437e2aad437SHA-256: 811287c27614164785a94ce34053c91150e8ff288e091025ed41cf4f9f83a5eb
 
s390x:
python-jinja2-2.2.1-2.el6_5.s390x.rpm
    MD5: 11624f600f7bfd55a86fadd0b68232f9SHA-256: aa9db901fea4451d392669f9ac5f4aa45b32d70002548ce751c44ebdb52a0700
python-jinja2-debuginfo-2.2.1-2.el6_5.s390x.rpm
    MD5: c9519a0fe73d19993585f49498bcb187SHA-256: b8fd867e28dac5353a328ddea1f4613e76d6657121b231b7c4bbb3d80aabe3f2
 
x86_64:
python-jinja2-2.2.1-2.el6_5.x86_64.rpm
    MD5: 3ccb40a56aa1f6ac9f57405c50c2d447SHA-256: c472b980521d4ee2e026fc4a626c771878ec15987cd55590c1046dcad612dab8
python-jinja2-debuginfo-2.2.1-2.el6_5.x86_64.rpm
    MD5: e92a05c559ab9b086f7e51f433cb473cSHA-256: 5c3b40a788696c8b3598cb92dce0c4a664cca8e90db2e02e7a5e8f5bf38545c8
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
python-jinja2-2.2.1-2.el6_5.src.rpm
    MD5: 865cf2bd34bdc108a5ee9135a9da3f44SHA-256: 8526d501a170d4728d45f0035bad597bbf66952c13a8ae527287f0c0ce1b96ce
 
IA-32:
python-jinja2-2.2.1-2.el6_5.i686.rpm
    MD5: 65b5a2bf14dd5d81ba530bbcffd1267aSHA-256: 079da0f48f7a643a2ea83913e3ac3ee98f5491a38fd9c5c2814e7cf295dcbd0e
python-jinja2-debuginfo-2.2.1-2.el6_5.i686.rpm
    MD5: ec411f776e4e9412171fed319c9ce864SHA-256: 2a37f1855a05a7face1003964d32f6c7319724322f87debba95fb52645b0b882
 
x86_64:
python-jinja2-2.2.1-2.el6_5.x86_64.rpm
    MD5: 3ccb40a56aa1f6ac9f57405c50c2d447SHA-256: c472b980521d4ee2e026fc4a626c771878ec15987cd55590c1046dcad612dab8
python-jinja2-debuginfo-2.2.1-2.el6_5.x86_64.rpm
    MD5: e92a05c559ab9b086f7e51f433cb473cSHA-256: 5c3b40a788696c8b3598cb92dce0c4a664cca8e90db2e02e7a5e8f5bf38545c8
 
(The unlinked packages above are only available from the Red Hat Network)
1051421 – CVE-2014-1402 python-jinja2: FileSystemBytecodeCache insecure cache temporary file use

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply