| Summary: | log4j new security issue CVE-2021-44832 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, mageia, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | log4j-2.17.0-1.mga9.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2021-12-29 05:21:02 CET
David Walser
2021-12-29 05:21:24 CET
Status comment:
(none) =>
Fixed upstream in 2.17.1 fixed in mga 8/9
src:
- log4j-2.17.1-1.mga8Whiteboard:
MGA8TOO =>
(none) log4j-jcl-2.17.1-1.mga8 log4j-slf4j-2.17.1-1.mga8 log4j-2.17.1-1.mga8 from log4j-2.17.1-1.mga8.src.rpm openSUSE has issued an advisory for this on December 30: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QD3TW7GD6PF3ZSKL2TJG3Z462FFFLJND/ No installation issues. Downloaded the attachment and used Brian's test from https://bugs.mageia.org/show_bug.cgi?id=29766#c24 (Thank you, Brian!) [tom@localhost ~]$ cd log4j_t1/bin/ [tom@localhost bin]$ java -cp .:/usr/share/java/log4j/log4j-core.jar:/usr/share/java/log4j/log4j-api.jar log4j_t1.Test1L 15:51:41.134 [main] ERROR HelloWorld - Hello, World! Seems to be working. Validating. Keywords:
(none) =>
validated_update
Dave Hodgins
2022-01-03 02:52:12 CET
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0002.html Status:
NEW =>
RESOLVED |