Apache has issued an advisory on December 18: https://www.openwall.com/lists/oss-security/2021/12/19/1 Debian has issued an advisory for this on December 18: https://www.debian.org/security/2021/dsa-5024 The issue is fixed upstream in 2.17.0. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 2.17.0
new version pushed in mga8/9 src: - log4j-2.17.0-1.mga8
CC: (none) => mageiaVersion: Cauldron => 8Whiteboard: MGA8TOO => (none)Assignee: java => qa-bugsStatus comment: Fixed upstream in 2.17.0 => (none)
log4j-jcl-2.17.0-1.mga8 log4j-slf4j-2.17.0-1.mga8 log4j-2.17.0-1.mga8 from log4j-2.17.0-1.mga8.src.rpm
MGA8-64 Plasma on Lenovo B50 in Dutch No installation issues. Trying to repeat the test the Brian did in bug 29766 Comment 24: loaded the z-file, extracted and put the folder in my home, then $ cd log4j_t1/bin/ $ java -cp .:/usr/share/java/log4j/log4j-core.jar:/usr/share/java/log4j/log4j-api.jar log4j_t1.Test1L 15:03:25.262 [main] ERROR HelloWorld - Hello, World! Seems OK.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Ubuntu has issued an advisory for this on December 19: https://ubuntu.com/security/notices/USN-5203-1
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0572.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED