SUSE-SU-2020:0054-1

Published: 09 Jan 2020
Source: suse-cvrf

Description

Security update for log4j

This update for log4j fixes the following issues:

  • CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646).

Package list

HPE Helion OpenStack 8
log4j-1.2.15-126.3.1
SUSE Enterprise Storage 5
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server 12 SP2-BCL
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server 12 SP2-LTSS
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server 12 SP3-BCL
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server 12 SP3-LTSS
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server 12 SP4
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server 12 SP5
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
log4j-1.2.15-126.3.1
SUSE Linux Enterprise Software Development Kit 12 SP4
log4j-1.2.15-126.3.1
log4j-manual-1.2.15-126.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
log4j-1.2.15-126.3.1
log4j-manual-1.2.15-126.3.1
SUSE OpenStack Cloud 7
log4j-1.2.15-126.3.1
SUSE OpenStack Cloud 8
log4j-1.2.15-126.3.1
SUSE OpenStack Cloud Crowbar 8
log4j-1.2.15-126.3.1

Description

Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When the class listens to untrusted network traffic for log data, this can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code. This affects Log4j versions 1.2 up to 1.2.17.


Affected products
HPE Helion OpenStack 8:log4j-1.2.15-126.3.1
SUSE Enterprise Storage 5:log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:log4j-1.2.15-126.3.1
SUSE Linux Enterprise Server 12 SP2-BCL:log4j-1.2.15-126.3.1

References
Vulnerability SUSE-SU-2020:0054-1