Bug 1052102 (CVE-2014-0012) - CVE-2014-0012 python-jinja2: FileSystemBytecodeCache insecure cache temporary file use, incorrect CVE-2014-1402 fix
Summary: CVE-2014-0012 python-jinja2: FileSystemBytecodeCache insecure cache temporary...
Alias: CVE-2014-0012
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1051427
Blocks: 1051429
TreeView+ depends on / blocked
Reported: 2014-01-13 10:29 UTC by Ratul Gupta
Modified: 2019-09-29 13:12 UTC (History)
28 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-01-16 19:00:28 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Debian BTS 734956 None None None Never

Description Ratul Gupta 2014-01-13 10:29:54 UTC
An insecure temporary file creation vulnerability was introduced in Jinja2 in the fix for CVE-2014-1402 through the commit:


Comment 1 Ratul Gupta 2014-01-13 10:32:35 UTC

This issue was discovered by Arun Babu Neelicattu of the Red Hat Security Response Team.

Comment 3 Ratul Gupta 2014-01-13 10:50:59 UTC

Not vulnerable. This issue did not affect the versions of python-jinja2 as shipped with Red Hat Enterprise Linux 6 as it did not include the patch that introduced this flaw.

Comment 8 Tomas Hoger 2014-01-27 16:14:31 UTC
This issue has pretty much identical impact to the original issue - file overwrites typical for temporary file handling issues, or application using spoofed cache file.  As Jinja2 cache files contain python bytecode that is executed by Jinja2, there's a risk of direct code execution impact as a consequence of this flaw.

Comment 9 Tomas Hoger 2014-01-27 16:27:27 UTC
Bug 1051421 comment 20 has few notes on how upstream fix used in Jinja2 2.7.2 changes impact of the issue.

Comment 10 Tomas Hoger 2014-01-27 17:08:17 UTC
This patch used in Debian packages:


or this upstream pull request:


both use tempfile.mkdtemp() to create directory used to store cache files.  That does not seem like a viable approach, as previously discussed in bug 1051421 comment 12.

Note You need to log in before you can comment on or make changes to this bug.