Oracle Linux 8 : python-jinja2 (ELSA-2024-3102)

medium Nessus Plugin ID 198039

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-3102 advisory.

[2.10.1-4]
- Security fix for CVE-2024-22195
- Resolves: RHEL-21347

[2.10.1-3]
- Fix CVE-2020-28493: ReDOS vulnerability due to the sub-pattern
- Resolves: rhbz#1928707

[2.10.1-2]
- Rebuild of package to go through gating
- Resolves: rhbz#1701301

[2.10.1-1]
- Rebase to 2.10.1 (security update) to fix CVE-2019-10906
- Resolves: rhbz#1701301

[2.10-9]
- Require platform-python-setuptools instead of python3-setuptools
- Resolves: rhbz#1650536

[2.10-8]
- Revert changes committed to wrong branch

[2.10-7]
- Fix conditions

[2.10-6]
- Specfile cleanup and fixes

[2.10-5]
- Disable Python 2 build by default

[2.10-4]
- Allow build with Python 2

[2.10-3]
- Remove docs from Python 2 package
- Remove dependency on python2-babel and python2-sphinx

[2.10-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[2.10-1]
- Update to 2.10.
- Use %bcond.
- Move BRs to their respective subpackages.

[2.9.6-4]
- Really cleanup spec file conditionals

[2.9.6-3]
- Cleanup spec file conditionals

[2.9.6-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[2.9.6-1]
- Update to 2.9.6.

[2.9.5-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[2.9.5-1]
- Update to 2.9.5.

[2.9.4-1]
- Update to 2.9.4.

[2.8.1-1]
- Update to 2.8.1.

[2.8-8]
- Rebuild for Python 3.6

[2.8-7]
- Ship python2-jinja2 (bug #1378519)
- Modernize spec

[2.8-6]
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages

[2.8-5]
- Do not call py.test, there are currently no tests in the tarball.

[2.8-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[2.8-3]
- Rebuilt for Python3.5 rebuild

[2.8-2]
- Apply updates Python packaging guidelines.
- Mark LICENSE with %license.

[2.8-1]
- Upstream 2.8

[2.7.3-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[2.7.3-2]
- Add Requires python(3)-setuptools (bug #1168774)

[2.7.3-1]
- Update to 2.7.3.
- Reenable docs.

[2.7.2-2]
- Bootstrap (without docs) build for Python 3.4

[2.7.2-1]
- Update to 2.7.2.
- Update python3 conditional.

[2.7.1-1]
- Update to 2.7.1.

[2.7-1]
- Update to 2.7
- spec cleanup

[2.6-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[2.6-5]
- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3

[2.6-4]
- remove rhel logic from with_python3 conditional

[2.6-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[2.6-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[2.6-1]
- Update to 2.6.

[2.5.5-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[2.5.5-3]
- Re-enable html doc generation.
- Remove conditional for F-12 and below.
- Do not silently fail the testsuite for with py3k.

[2.5.5-2]
- Move python3 runtime requirements to python3 subpackage

[2.5.5-1]
- Update to 2.5.5.

[2.5.2-4]
- Revert to previous behavior: fail the build on failed test.
- Rebuild for Python 3.2.

[2.5.2-3]
- %ifnarch doesn't work on noarch package so don't fail the build on failed tests

[2.5.2-2]
- disable the testsuite on s390(x)

[2.5.2-1]
- Update to upstream version 2.5.2.
- Package depends on python-markupsafe and is noarch now.

[2.5-4]
- add explicit build-requirement on python-setuptools
- fix doc disablement for python3 subpackage

[2.5-3]
- support disabling documentation in the build to break a circular build-time dependency with python-sphinx; disable docs for now

[2.5-2]
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

[2.5-1]
- Update to upstream version 2.5.
- Create python3 subpackage.
- Minor specfile fixes.
- Add examples directory.
- Thanks to Gareth Armstrong for additional hints.

[2.4.1-1]
- Update to 2.4.1.

[2.4-1]
- Update to 2.4.

[2.3.1-1]
- Update to 2.3.1.
- Docs are built using Sphinx now.
- Run the testsuite.

[2.2.1-1]
- Update to 2.2.1, mainly a bugfix release.
- Remove patch no longer needed.
- Remove conditional for FC-8.
- Compilation of speedup module has to be explicitly requested now.

[2.1.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[2.1.1-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

[2.1.1-1]
- Update to 2.1.1 (bugfix release).

[2.1-1]
- Update to 2.1, which fixes a number of bugs. See http://jinja.pocoo.org/2/documentation/changelog#version-2-1.

[2.0-3]
- Rebuild for Python 2.6

[2.0-2]
- Use rpm buildroot macro instead of RPM_BUILD_ROOT.

[2.0-1]
- Upstream released 2.0.

[2.0-0.1.rc1]
- Modified specfile from the existing python-jinja package.

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected python3-jinja2 package.

See Also

https://linux.oracle.com/errata/ELSA-2024-3102.html

Plugin Details

Severity: Medium

ID: 198039

File Name: oraclelinux_ELSA-2024-3102.nasl

Version: 1.1

Type: local

Agent: unix

Published: 5/28/2024

Updated: 5/28/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2024-22195

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:linux:8:10:appstream_base, cpe:/a:oracle:linux:8::appstream, p-cpe:/a:oracle:linux:python3-jinja2, cpe:/o:oracle:linux:8

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 5/23/2024

Vulnerability Publication Date: 1/11/2024

Reference Information

CVE: CVE-2024-22195