Amazon Linux 1 Security Advisory: ALAS-2014-371
Advisory Release Date: 2014-07-09 16:39 Pacific
Advisory Updated Date: 2014-09-19 10:35 Pacific
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.
Affected Packages:
python-jinja2
Issue Correction:
Run yum update python-jinja2 to update your system.
noarch:
python-jinja2-2.7.2-2.10.amzn1.noarch
src:
python-jinja2-2.7.2-2.10.amzn1.src