Описание
ELSA-2018-0592: slf4j security update (IMPORTANT)
[0:1.7.4-4]
- Disallow EventData deserialization by default (CVE-2018-8088)
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
slf4j
1.7.4-4.el7_4
slf4j-javadoc
1.7.4-4.el7_4
slf4j-manual
1.7.4-4.el7_4
Oracle Linux x86_64
slf4j
1.7.4-4.el7_4
slf4j-javadoc
1.7.4-4.el7_4
slf4j-manual
1.7.4-4.el7_4
Связанные CVE
Связанные уязвимости
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before ...
