openSUSE-SU-2021:1605-1

Опубликовано: 22 дек. 2021

Источник: suse-cvrf

Описание

Security update for log4j

This update for log4j fixes the following issues:

Update to 2.17.0
CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. (bsc#1193887, bsc#1193888)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

log4j-2.17.0-lp152.3.12.1

log4j-javadoc-2.17.0-lp152.3.12.1

log4j-jcl-2.17.0-lp152.3.12.1

log4j-slf4j-2.17.0-lp152.3.12.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LEXBDKT4RJAGPFECN424ZRWUCLSEVT5K/
E-Mail link for openSUSE-SU-2021:1605-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1193887
SUSE Bug 1193887
https://bugzilla.suse.com/1193888
SUSE Bug 1193888
https://www.suse.com/security/cve/CVE-2021-45105/
SUSE CVE CVE-2021-45105 page

Описание

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Затронутые продукты

openSUSE Leap 15.2:log4j-2.17.0-lp152.3.12.1

openSUSE Leap 15.2:log4j-javadoc-2.17.0-lp152.3.12.1

openSUSE Leap 15.2:log4j-jcl-2.17.0-lp152.3.12.1

openSUSE Leap 15.2:log4j-slf4j-2.17.0-lp152.3.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-45105.html
CVE-2021-45105
https://bugzilla.suse.com/1193887
SUSE Bug 1193887
https://bugzilla.suse.com/1193888
SUSE Bug 1193888

openSUSE-SU-2021:1605-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-45105

Описание

Затронутые продукты

Ссылки