Description
Security update for log4j
This update for log4j fixes the following issues:
- CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646).
Package list
SUSE Linux Enterprise Module for Basesystem 15
log4j-1.2.17-5.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
log4j-1.2.17-5.3.1
SUSE Linux Enterprise Module for Development Tools 15
log4j-manual-1.2.17-5.3.1
SUSE Linux Enterprise Module for Development Tools 15 SP1
log4j-manual-1.2.17-5.3.1
References
- Link for SUSE-SU-2020:0053-1
- E-Mail link for SUSE-SU-2020:0053-1
- SUSE Security Ratings
- SUSE Bug 1159646
- SUSE CVE CVE-2019-17571 page
Description
Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When it listens to untrusted network traffic for log data, this can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code. This affects Log4j 1.2 versions up to 1.2.17.
Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP1:log4j-1.2.17-5.3.1
SUSE Linux Enterprise Module for Basesystem 15:log4j-1.2.17-5.3.1
SUSE Linux Enterprise Module for Development Tools 15 SP1:log4j-manual-1.2.17-5.3.1
SUSE Linux Enterprise Module for Development Tools 15:log4j-manual-1.2.17-5.3.1
References
- CVE-2019-17571
- SUSE Bug 1159646