| Summary: | log4j new security issue CVE-2021-45105 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, mageia, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | log4j-2.16.0-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2021-12-19 18:54:51 CET
David Walser
2021-12-19 18:55:04 CET
Whiteboard:
(none) =>
MGA8TOO new version pushed in mga8/9
src:
- log4j-2.17.0-1.mga8CC:
(none) =>
mageia log4j-jcl-2.17.0-1.mga8 log4j-slf4j-2.17.0-1.mga8 log4j-2.17.0-1.mga8 from log4j-2.17.0-1.mga8.src.rpm MGA8-64 Plasma on Lenovo B50 in Dutch No installation issues. Trying to repeat the test the Brian did in bug 29766 Comment 24: loaded the z-file, extracted and put the folder in my home, then $ cd log4j_t1/bin/ $ java -cp .:/usr/share/java/log4j/log4j-core.jar:/usr/share/java/log4j/log4j-api.jar log4j_t1.Test1L 15:03:25.262 [main] ERROR HelloWorld - Hello, World! Seems OK. Whiteboard:
(none) =>
MGA8-64-OK Ubuntu has issued an advisory for this on December 19: https://ubuntu.com/security/notices/USN-5203-1 Validating. CC:
(none) =>
andrewsfarm, sysadmin-bugs
Thomas Backlund
2021-12-20 20:54:06 CET
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0572.html Resolution:
(none) =>
FIXED |