SUSE-SU-2019:1554-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 18 Jun 2019, 16:30
Last modified:04 Feb 2026, 04:24
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
18 Jun 2019, 16:30
Published
Vulnerability first disclosed
04 Feb 2026, 04:24
Last Modified
Vulnerability information updated
Description
Security update for python-Jinja2 This update for python-Jinja2 fixes the following issues: Security issues fixed: - CVE-2016-10745: Fixed a sandbox escape caused by an information disclosure via str.format (bsc#1132174). - CVE-2019-10906: Fixed a sandbox escape due to information disclosure via str.format (bsc#1132323). - CVE-2019-8341: Fixed command injection in function from_string (bsc#1125815).
Affected Systems
- suse•python-Jinja2&distro=SUSE Enterprise Storage 4
< 2.8-22.8.1
- suse•python-Jinja2&distro=SUSE Enterprise Storage 5
< 2.8-22.8.1
- suse•python-Jinja2&distro=SUSE Linux Enterprise Point of Sale 12 SP2
< 2.8-22.8.1
- suse•python-Jinja2&distro=SUSE Manager Proxy 3.1
< 2.8-22.8.1
- suse•python-Jinja2&distro=SUSE Manager Proxy 3.2
< 2.8-22.8.1
- suse•python-Jinja2&distro=SUSE Manager Server 3.1
< 2.8-22.8.1
- suse•python-Jinja2&distro=SUSE Manager Server 3.2
< 2.8-22.8.1
- suse•python-Jinja2&distro=SUSE OpenStack Cloud 7
< 2.8-22.8.1
References (7)
- https://www.suse.com/support/update/announcement/2019/suse-su-20191554-1/
- https://bugzilla.suse.com/1125815
- https://bugzilla.suse.com/1132174
- https://bugzilla.suse.com/1132323
- https://www.suse.com/security/cve/CVE-2016-10745
- https://www.suse.com/security/cve/CVE-2019-10906
- https://www.suse.com/security/cve/CVE-2019-8341