Re: [integer-Ticket #81335] Log4J Sicherheitslücke
Christian Ehrhardt
christian.ehrhardt at canonical.com
Wed Dec 15 07:12:54 UTC 2021
On Tue, Dec 14, 2021 at 10:17 PM integer GmbH <support at integer-it.de> wrote:
> Hello Ubuntu-Team,
> can you please tell me if the follwoing software is affected by the Log4J
> exploit?
>
*disclaimer: I'm not from the security team and this is not a definitive or
formal answer*
Hi,
In general for CVEs you'd want to check the https://ubuntu.com/security
entry for it.
It will mention its status, affected packages and link to further
ressources one should know about.
In this case the links to USN and the wiki page are very helpful as well.
In this case that is at: https://ubuntu.com/security/CVE-2021-44228
The TL;DR could be, you do not list the affected package "apache-log4j1.2",
so not affected.
But TBH your customers website clearly runs apache2 + php which isn't
listed here.
Might there also be some java or any other solution (like an appliance
which sometimes
aren't transparent what they use internally) that uses log4j2, no one here
would know.
python3.8
> python3.8-minimal
> python3-appdirs
> python3-apt
> python3-certifi
> python3-chardet
> python3-crypto
> python3-dbus
> python3-distlib
> python3-distro
> python3-distro-info
> python3-distupgrade
> python3-distutils
> python3-dnspython
> python3-filelock
> python3-gi
> python3-gpg
> python3-idna
> python3-importlib-metadata
> python3-ldb
> python3-lib2to3
> python3-markdown
> python3-minimal
> python3-more-itertools
> python3-netifaces
> python3-packaging
> python3-pkg-resources
> python3-pygments
> python3-pyparsing
> python3-requests
> python3-samba
> python3-six
> python3-talloc
> python3-tdb
> python3-update-manager
> python3-urllib3
> python3-virtualenv
> python3-yaml
> python3-zipp
> python3.6-minimal
> readline-common
> rename
> resolvconf
> rsync
> rsyslog
> samba
> samba-common
> samba-common-bin
> samba-dsdb-modules
> samba-libs
> samba-vfs-modules
> sed
> sensible-utils
> shared-mime-info
> socat
> squid
> squid-common
> squid-langpack
> ssl-cert
> sudo
> systemd
> systemd-sysv
> systemd-timesyncd
> sysvinit-utils
> tar
> tcpd
> tdb-tools
> thermald
> tzdata
> ubuntu-advantage-tools
> ubuntu-minimal
> ubuntu-release-upgrader-core
> ucf
> udev
> update-inetd
> update-manager-core
> usb.ids
> usbutils
> util-linux
> vim-common
> vim-tiny
> virtualenv
> wget
> whiptail
> winbind
> xauth
> xdg-user-dirs
> xkb-data
> xxd
> xz-utils
> zerofree
> zlib1g
> tasksel
> tasksel-data
>
> Our client Hopfenveredlung St. Johann is using this software and we want
> to make sure they are not affected by the Log4J exploit.
>
> Best Regards
> Jonas Böck
>
>
> _ _ _
> integer GmbH Support
> Telefon 08252 - 96031 - 10
> |
> E-Mail: support at integer-it.de
> <https://integer.de/> <http://www.integer-it.de/>
> Hans-Sachs-Weg 25
> |
> 86529
> Schrobenhausen
> Registergericht: Amtsgericht Ingolstadt
> Registernummer: HRB 7821
> Geschäftsführer: Luise Krammer
> Allgemeine Datenschutzhinweise:
> *https://integer-it.de/ds.html* <http://www.integer-it.de/ds.html>
> Folgen Sie uns auf: [image: Facebook] <https://www.facebook.com/integerit>
> [image: Instagram] <https://www.instagram.com/integergmbh/>F
>
>
> <https://heyalter.com/schrobenhausen/>
> <https://heyalter.com/schrobenhausen/>
> <https://heyalter.com/schrobenhausen/>
> _ _ _
>
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20211215/73eacfef/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: integer-logo_d141d426-79be-4a61-9be5-61d598823bdd.png
Type: image/png
Size: 32055 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20211215/73eacfef/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Facebook_a4f854d7-d64b-473d-85ef-8f08ae4ac7ff.png
Type: image/png
Size: 528 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20211215/73eacfef/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Instagram_d8301ab7-baaa-48d5-948b-c30dca673e0e.png
Type: image/png
Size: 750 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20211215/73eacfef/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: heyalter_23c470d3-5806-4549-9ab0-eccd9ccc9fe1.png
Type: image/png
Size: 7900 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20211215/73eacfef/attachment-0007.png>
More information about the Ubuntu-devel-discuss
mailing list