12 matches found

IBM Security Bulletins
added 2025/06/21 8:35 a.m., 6 views

Security Bulletin: Vulnerabilities in Jinja, cryptography & OpenSSL can affect IBM Storage Protect Plus File Systems Agent Backup and Restore

Summary IBM Storage Protect Plus File Systems Agent Backup and Restore can be affected by vulnerabilities in Jinja & cryptography which includes execution of untrusted templates, man-in-middle attacks & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These...

CVSS 8.8, AI score 7.9, EPSS 0.14258
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2025/06/16 12:00 a.m., 2 views

TencentOS Server 4: python-jinja2 (TSSA-2024:1136)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1136 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 8.8, AI score 7.5, EPSS 0.00573
Exploits: 0, References: 3
Tenable Nessus
added 2025/05/14 12:00 a.m., 4 views

Alibaba Cloud Linux 3 : 0010: fence-agents (ALINUX3-SA-2025:0010)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0010 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-56201: Jinja is an extensible...

CVSS 8.8, AI score 7.5, EPSS 0.00573
Exploits: 0, References: 3
IBM Security Bulletins
added 2025/05/06 6:26 a.m., 21 views

Security Bulletin: Location Service for ESRI Component uses multiple vulnerable libraries and wildcard characters when defining RBAC permissions in Dockerfiles which are vulnerable to multiple CVEs

Summary Location Service for ESRI Component uses jinja2-3.1.4-py3-none-any.whl, jinja2-3.1.5-py3-none-any.whl, cryptography-44.0.0-cp39-abi3-manylinux_2_28_x86_64.whl and wildcard characters when defining RBAC permissions in Dockerfiles which are vulnerable to CVE-2024-56326, CVE-2024-56201,...

CVSS 8.8, AI score 7.6, EPSS 0.00804
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2025/04/01 12:00 a.m., 15 views

EulerOS 2.0 SP13 : python-jinja2 (EulerOS-SA-2025-1324)

According to the versions of the python-jinja2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that...

CVSS 8.8, AI score 7.5, EPSS 0.00573
Exploits: 0, References: 3
RedHat Linux
added 2025/02/13 2:42 a.m., 12 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.55 packages and security update

Red Hat OpenShift Container Platform release 4.13.55 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

CVSS 8.8, AI score 6.9, EPSS 0.00573
Exploits: 0, References: 3
RedHat Linux
added 2025/02/06 3:46 p.m., 13 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.46 security update

Red Hat OpenShift Container Platform release 4.14.46 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

CVSS 8.8, AI score 6.9, EPSS 0.00573
Exploits: 0, References: 3
RedHat Linux
added 2025/01/28 4:59 a.m., 10 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.14 packages and security update

Red Hat OpenShift Container Platform release 4.17.14 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

CVSS 8.8, AI score 6.9, EPSS 0.00573
Exploits: 0, References: 3
Amazon
added 2025/01/24 12:00 a.m., 1 views

Important: ansible-core

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker...

CVSS 7.8, AI score 7.9, EPSS 0.00573
Exploits: 0
Tenable Nessus
added 2025/01/24 12:00 a.m., 24 views

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2025-811)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-811 advisory. Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python...

CVSS 8.8, AI score 7.5, EPSS 0.00573
Exploits: 0, References: 6
RedHat Linux
added 2025/01/14 9:02 a.m., 21 views

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security...

CVSS 8.8, AI score 6.9, EPSS 0.00573
Exploits: 0, References: 1
OSV
added 2025/01/14 12:00 a.m., 22 views

ALSA-2025:0308 Important: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: fence-agents: Jinja has a sandbox breakout through indirect reference t...

CVSS 8.8, AI score 7.2, EPSS 0.00573
Exploits: 0, References: 4