ALAS-2014-371


Amazon Linux AMI Security Advisory: ALAS-2014-371
Advisory Release Date: 2014-09-19 10:35 Pacific
Severity: Medium
References: CVE-2014-1402 

Issue Overview:

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.


Affected Packages:

python-jinja2


Issue Correction:
Run yum update python-jinja2 to update your system.

New Packages:
noarch:
    python-jinja2-2.7.2-2.10.amzn1.noarch

src:
    python-jinja2-2.7.2-2.10.amzn1.src