Mandriva Linux Security Advisory : python-jinja2 (MDVSA-2014:096)
Medium Nessus Plugin ID 74074
Synopsis: The remote Mandriva Linux host is missing a security update.
Description: Updated python-jinja2 packages fix a security vulnerability:
Jinja2, a template engine written in pure Python, was found to use /tmp as the default directory for jinja2.bccache.FileSystemBytecodeCache. This is insecure because the /tmp directory is world-writable and the cache filenames that FileSystemBytecodeCache uses are often predictable. A malicious user could exploit this bug to execute arbitrary code as another user (CVE-2014-1402).
Solution: Update the affected python-jinja2 package.
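Independently of the package update, an application can avoid the shared /tmp default by passing FileSystemBytecodeCache an explicit directory that only its own user can write to. The following is an added example, not code from the advisory or from the Jinja2 project; the path ~/.cache/jinja2-bytecode and the helper names private_cache_dir, check_cache_dir and make_environment are assumptions chosen for illustration.

```python
import os
import stat


def check_cache_dir(path):
    """Refuse a cache directory that another local user could influence."""
    st = os.lstat(path)  # lstat: a symlink planted at this path is not followed
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path}: not a real directory")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path}: owned by uid {st.st_uid}, not by us")
    if st.st_mode & 0o077:
        raise PermissionError(f"{path}: accessible to group or others")


def private_cache_dir(base=None):
    """Create (or validate) a per-user bytecode cache directory, mode 0700."""
    if base is None:
        # Assumed location; any directory outside world-writable paths works.
        base = os.path.join(os.path.expanduser("~"), ".cache")
    os.makedirs(base, mode=0o700, exist_ok=True)
    path = os.path.join(base, "jinja2-bytecode")
    try:
        os.mkdir(path, 0o700)  # umask can only remove bits, never add them
    except FileExistsError:
        pass  # pre-existing entry: validated below before it is trusted
    check_cache_dir(path)
    return path


def make_environment(template_dir):
    """Build a Jinja2 environment whose bytecode cache is not in /tmp."""
    # Imported here so the directory helpers work without Jinja2 installed.
    from jinja2 import Environment, FileSystemBytecodeCache, FileSystemLoader

    cache = FileSystemBytecodeCache(directory=private_cache_dir())
    return Environment(loader=FileSystemLoader(template_dir),
                       bytecode_cache=cache)
```

check_cache_dir can also be run on its own against the directory an existing deployment already uses, to find caches that sit in a location other users can write to.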