Description
ELSA-2017-2423: log4j security update (IMPORTANT)
[0:1.2.17-16]
- Fix socket receiver deserialization vulnerability
- Resolves: CVE-2017-5645
Updated packages
Oracle Linux 7
Oracle Linux aarch64
  log4j          1.2.17-16.el7_4
  log4j-javadoc  1.2.17-16.el7_4
  log4j-manual   1.2.17-16.el7_4
Oracle Linux x86_64
  log4j          1.2.17-16.el7_4
  log4j-javadoc  1.2.17-16.el7_4
  log4j-manual   1.2.17-16.el7_4
Related CVEs
Related vulnerabilities
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.