Oracle Linux 7 : python-jinja2 (ELSA-2019-1022)
Medium Nessus Plugin ID 125107
Synopsis
The remote Oracle Linux host is missing a security update.
Description
From Red Hat Security Advisory 2019:1022:
An update for python-jinja2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.
Security Fix(es):
* python-jinja2: Sandbox escape due to information disclosure via str.format (CVE-2016-10745)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Update the affected python-jinja2 package.