==========================================================================
Ubuntu Security Notice USN-7343-1
March 11, 2025

jinja2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Jinja2.

Software Description:
- jinja2: small but fast and easy to use stand-alone template engine

Details:

Rafal Krupinski discovered that Jinja2 did not properly restrict the
execution of code in situations where templates are used maliciously. An
attacker with control over a template's filename and content could
potentially use this issue to enable the execution of arbitrary code. This
issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56201)

It was discovered that Jinja2 sandboxed environments could be escaped
through a call to a string format method. An attacker could possibly use
this issue to enable the execution of arbitrary code. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56326)

It was discovered that Jinja2 sandboxed environments could be escaped
through the malicious use of certain filters. An attacker could possibly
use this issue to enable the execution of arbitrary code.
(CVE-2025-27516)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  python3-jinja2                 3.1.3-1ubuntu1.24.10.2

Ubuntu 24.04 LTS
  python3-jinja2                 3.1.2-1ubuntu1.3

Ubuntu 22.04 LTS
  python3-jinja2                 3.0.3-1ubuntu0.4

Ubuntu 20.04 LTS
  python-jinja2                  2.10.1-2ubuntu0.5
  python3-jinja2                 2.10.1-2ubuntu0.5

Ubuntu 18.04 LTS
  python-jinja2                  2.10-1ubuntu0.18.04.1+esm4
                                 Available with Ubuntu Pro
  python3-jinja2                 2.10-1ubuntu0.18.04.1+esm4
                                 Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python-jinja2                  2.8-1ubuntu0.1+esm5
                                 Available with Ubuntu Pro
  python3-jinja2                 2.8-1ubuntu0.1+esm5
                                 Available with Ubuntu Pro

Ubuntu 14.04 LTS
  python-jinja2                  2.7.2-2ubuntu0.1~esm6
                                 Available with Ubuntu Pro
  python3-jinja2                 2.7.2-2ubuntu0.1~esm6
                                 Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7343-1
  CVE-2024-56201, CVE-2024-56326, CVE-2025-27516

Package Information:
  https://launchpad.net/ubuntu/+source/jinja2/3.1.3-1ubuntu1.24.10.2
  https://launchpad.net/ubuntu/+source/jinja2/3.1.2-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/jinja2/3.0.3-1ubuntu0.4
  https://launchpad.net/ubuntu/+source/jinja2/2.10.1-2ubuntu0.5
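
Added example (not part of the Ubuntu notice): a fleet-audit check that decides whether an installed jinja2 package version is at or above the fixed version listed above for its release. It reimplements dpkg's version ordering, because plain string comparison gets "2.10" vs "2.8" and the "~esm"/"+esm" suffixes wrong; the names FIXED, deb_cmp and is_patched are hypothetical, and versions are assumed to have no epoch and to carry a "-revision" suffix.

```python
import re

# Fixed jinja2 package versions per Ubuntu release, copied from USN-7343-1.
FIXED = {
    "24.10": "3.1.3-1ubuntu1.24.10.2",
    "24.04": "3.1.2-1ubuntu1.3",
    "22.04": "3.0.3-1ubuntu0.4",
    "20.04": "2.10.1-2ubuntu0.5",
    "18.04": "2.10-1ubuntu0.18.04.1+esm4",
    "16.04": "2.8-1ubuntu0.1+esm5",
    "14.04": "2.7.2-2ubuntu0.1~esm6",
}

def _order(c):
    """dpkg sort weight: '~' < end of string < letters < other characters."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings by alternating text and numeric runs."""
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for i in range(max(len(ta), len(tb))):
            wa, wb = _order(ta[i:i + 1]), _order(tb[i:i + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1. Assumption: no epoch, and both versions have a '-revision'."""
    u1, _, r1 = v1.rpartition("-")
    u2, _, r2 = v2.rpartition("-")
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_patched(release, installed):
    """True if the installed version is at or above the USN-7343-1 fixed version."""
    return deb_cmp(installed, FIXED[release]) >= 0
```

On a host, the installed version can be read with dpkg-query -W -f='${Version}' python3-jinja2, and dpkg --compare-versions applies the same ordering natively.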