| Summary: | log4j and log4j12 new security issue CVE-2017-5645 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Nicolas Lécureuil <mageia> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | geiger.david68210, zombie.ryushu |
| Version: | 5 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://security-tracker.debian.org/tracker/CVE-2017-5645 | ||
| Whiteboard: | |||
| Source RPM: | log4j-2.5-5.mga6.src.rpm, log4j12-1.2.17-16.mga6.src.rpm | CVE: | CVE-2017-5645 |
| Status comment: | |||
|
Description
David Walser
2017-04-17 22:35:27 CEST
David Walser
2017-04-17 22:35:40 CEST
Whiteboard:
(none) =>
MGA5TOO
Nicolas Lécureuil
2017-04-22 21:53:20 CEST
URL:
(none) =>
https://security-tracker.debian.org/tracker/CVE-2017-5645 Fedora has issued an advisory for this on May 2: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/43G5RVIYBPLRIYERD3MI6PSJV2H6SLBV/ Fixed in cauldron Version:
Cauldron =>
5 log4j12 is also affected. Fedora has issued an advisory for this today (June 9): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/W6J67CAARU2NKXKRHLJFICQ2KQFGZG2Z/ Summary:
log4j new security issue CVE-2017-5645 =>
log4j and log4j12 new security issue CVE-2017-5645 Fixed in log4j12-1.2.17-17.mga6 in Cauldron. Whiteboard:
MGA5TOO =>
(none) We won't be fixing this type of package for Mageia 5. Status:
NEW =>
RESOLVED *** Bug 25916 has been marked as a duplicate of this bug. *** Just noting this is also being called CVE-2019-17571: http://lists.suse.com/pipermail/sle-security-updates/2020-January/006316.html |