MGASA-2021-0556

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0556.html

Import Source

https://advisories.mageia.org/MGASA-2021-0556.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0556

Related

CVE-2021-44228

Published

2021-12-11T01:02:37Z

Modified

2021-12-11T00:29:37Z

Summary

Updated log4j packages fix security vulnerability

Details

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. (CVE-2021-44228)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / log4j

Package

Name: log4j
Purl: pkg:rpm/mageia/log4j?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13.3-1.1.mga8

Ecosystem specific

{
    "section": "core"
}