Description
Security update for log4j
This update for log4j fixes the following issues:
- CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646).
Package list
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
log4j-mini-1.2.17-5.3.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
log4j-mini-1.2.17-5.3.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
log4j-mini-1.2.17-5.3.1
SUSE Linux Enterprise Module for Basesystem 15
log4j-1.2.17-5.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
log4j-1.2.17-5.3.1
SUSE Linux Enterprise Module for Development Tools 15
log4j-manual-1.2.17-5.3.1
SUSE Linux Enterprise Module for Development Tools 15 SP1
log4j-manual-1.2.17-5.3.1
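To check a host against this advisory, compare the installed log4j package builds with the fixed build 1.2.17-5.3.1 listed above. The script below is an added example, not part of the SUSE advisory; the function names and the sample inventory are constructed for illustration, and `sort -V` is used as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example (not from the advisory): flag log4j packages older than
# the fixed build named in SUSE-SU-2020:0053-1.
FIXED="1.2.17-5.3.1"                  # version-release from the package list
PKGS="log4j log4j-mini log4j-manual"  # package names from the package list

# ver_ge A B: succeeds when A >= B.
# Assumption: GNU `sort -V` ordering stands in for rpm's own comparison,
# which is adequate for purely numeric version-release strings like these.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_log4j: reads "name version-release" lines on stdin, prints one
# status line per log4j package, returns 1 if any is below the fixed build.
check_log4j() {
    rc=0
    while read -r name ver; do
        case " $PKGS " in
            *" $name "*) ;;      # a package covered by the advisory
            *) continue ;;       # unrelated package, ignore
        esac
        if ver_ge "$ver" "$FIXED"; then
            echo "OK         $name $ver"
        else
            echo "VULNERABLE $name $ver (needs >= $FIXED)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory for offline testing (not real host data).
sample_inventory() {
    cat <<'EOF'
log4j 1.2.17-3.1
log4j-mini 1.2.17-5.3.1
zlib 1.2.11-3.1
EOF
}

# On a real host, feed the function from the RPM database:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_log4j
```

A non-zero return from `check_log4j` means at least one listed package still needs the update.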
References
- Link for SUSE-SU-2020:0053-1
- E-Mail link for SUSE-SU-2020:0053-1
- SUSE Security Ratings
- SUSE Bug 1159646
- SUSE CVE CVE-2019-17571 page
Description
Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When the class listens for log data on untrusted network traffic, this can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code. This affects Log4j 1.2 versions up to 1.2.17.
Affected products
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server:log4j-mini-1.2.17-5.3.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server:log4j-mini-1.2.17-5.3.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server:log4j-mini-1.2.17-5.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:log4j-1.2.17-5.3.1
References
- CVE-2019-17571
- SUSE Bug 1159646