USN-5701-1: Jinja2 vulnerability
26 October 2022
Jinja2 could be made to hang if it received specially crafted input.
Releases
Packages
- jinja2 - small but fast and easy to use stand-alone template engine
Details
Yeting Li discovered that Jinja2 incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
- python-jinja2 - 2.8-1ubuntu0.1+esm1 (Available with Ubuntu Pro)
- python3-jinja2 - 2.8-1ubuntu0.1+esm1 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6599-1: python3-jinja2, python-jinja2, python-jinja2-doc, jinja2