important: python-jinja2/gstreamer1-plugins-good security update
important
An update for python-jinja2/gstreamer1-plugins-good is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
python-jinja2:
gstreamer1-plugins-good:
Security Fix(es):
python-jinja2: Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.(CVE-2024-34064)
python-jinja2: A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja's sandbox being used. An attacker needs to be able to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename.(CVE-2024-56201)
python-jinja2: A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, storing a reference to a malicious string's format method is possible, then passing that to a filter that calls it. No such filters are built into Jinja but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.(CVE-2024-56326)
python-jinja2: A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to use the `|attr` filter to get a reference to a string's plain format method, bypassing the sandbox.(CVE-2025-27516)
python-jinja2: bugfix
gstreamer1-plugins-good: A flaw was found in the GStreamer library. Multiple NULL pointer dereferences in the MP4/MOV demuxer's CENC handling can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.(CVE-2024-47544)
gstreamer1-plugins-good: A flaw was found in the GStreamer library. An integer overflow in the MP4/MOV demuxer can lead to out-of-bounds reads that may cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.(CVE-2024-47545)
gstreamer1-plugins-good: A flaw was found in the GStreamer library. Integer underflow in the MP4/MOV demuxer can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.(CVE-2024-47546)
gstreamer1-plugins-good: A flaw was found in the GStreamer library. An integer underflow due to missing size checks in the MP4/MOV demuxer can lead to out-of-bounds reads and cause crashes for certain input files. This issue can allow a malicious actor to trigger a crash of the application.(CVE-2024-47596)
gstreamer1-plugins-good: A flaw was found in the GStreamer library. Insufficient error handling in the JPEG decoder can lead to NULL-pointer dereferences and cause crashes for certain input files, making it possible for a malicious actor to trigger a crash of the application.(CVE-2024-47599)
gstreamer1-plugins-good: A flaw was found in the GStreamer library. A NULL pointer dereference in the Matroska/WebM demuxer can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.(CVE-2024-47603)
gstreamer1-plugins-good: A flaw was found in the MP4/MOV demuxer and memory allocator in the GStreamer library. Processing a specially crafted input file can cause an integer overflow in the qtdemux_parse_theora_extension function. This issue leads to a small amount of memory being allocated to store a large input size, resulting in an out-of-bounds write.(CVE-2024-47606)
gstreamer1-plugins-good: A flaw was found in the GStreamer library. An out-of-bounds read in the gst_avi_subtitle_parse_gab2_chunk function can cause crashes for certain input files, potentially allowing a malicious third party to trigger an application crash.(CVE-2024-47774)
gstreamer1-plugins-good: A flaw was found in the GStreamer library. Various out-of-bounds reads in the WAV parser can cause crashes for certain input files, potentially allowing a malicious actor to trigger an application crash.(CVE-2024-47778)
gstreamer1-plugins-good: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.02B7.
© 2004-2023 广东中兴新支点技术有限公司 版权所有 (www.gd-linux.com) 粤ICP备15061780号-2
全国服务热线:400-033-0108