Re: [integer-Ticket #81335] Log4J security vulnerability
Jeffrey Walton
noloader at gmail.com
Sat Dec 18 21:25:54 UTC 2021
On Sat, Dec 18, 2021 at 3:50 PM Christian Ehrhardt <
christian.ehrhardt at canonical.com> wrote:
>
> On Tue, Dec 14, 2021 at 10:17 PM integer GmbH <support at integer-it.de>
> wrote:
>
>> Hello Ubuntu-Team,
>> can you please tell me if the following software is affected by the Log4J
>> exploit?
>>
>
> *disclaimer: I'm not from the security team and this is not a definitive
> or formal answer*
>
> In general for CVEs you'd want to check the https://ubuntu.com/security
> entry for it.
> It will mention its status, affected packages and link to further
> resources one should know about.
> In this case the links to USN and the wiki page are very helpful as well.
>
> In this case that is at: https://ubuntu.com/security/CVE-2021-44228
>
Related, it looks like CVE-2021-45046 against log4j2 v2.15 applies as well.
It can result in a Remote Code Execution (RCE) under certain circumstances.
Also see https://www.openwall.com/lists/oss-security/2021/12/18/1.
Jeff