SUSE-SU-2020:14267-1

Published: 09 Jan 2020
Source: suse-cvrf

Description

Security update for log4j

This update for log4j fixes the following issues:

  • CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646).

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
log4j-1.2.15-26.32.14.1
SUSE Linux Enterprise Server 11 SP4-LTSS
log4j-1.2.15-26.32.14.1

Description

Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When the class listens to untrusted network traffic for log data, this can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code. This affects Log4j versions 1.2 up to 1.2.17.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:log4j-1.2.15-26.32.14.1
SUSE Linux Enterprise Server 11 SP4-LTSS:log4j-1.2.15-26.32.14.1
