The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4126 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4126-2                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Lucas Kanashiro     April 30, 2025                                https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : jinja2     Version        : 2.11.3-1+deb11u4     CVE ID         : CVE-2025-27516     Debian Bug     : #1103045

    The fix for CVE-2025-27516 announced in DLA-4126 does not supporting Python 2.
    Now, the support of Python 2 was re-instated.

    For Debian 11 bullseye, this problem has been fixed in version     2.11.3-1+deb11u4.

    We recommend that you upgrade your jinja2 packages.

    For the detailed security status of jinja2 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/jinja2

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-4126 : python-jinja2 - security update

medium Nessus Plugin ID 234243

Version 1.2