ALAS-2014-371


Amazon Linux 1 Security Advisory: ALAS-2014-371
Advisory Release Date: 2014-07-09 16:39 Pacific
Advisory Updated Date: 2014-09-19 10:35 Pacific
Severity: Medium

Issue Overview:

The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.


Affected Packages:

python-jinja2


Issue Correction:
Run yum update python-jinja2 to update your system.

New Packages:
noarch:
    python-jinja2-2.7.2-2.10.amzn1.noarch

src:
    python-jinja2-2.7.2-2.10.amzn1.src