DLA 2065-1: apache-log4j1.2 security update

Debian 10209 Published 2020-01-13 05:45 by Philipp Esselbach

News

An apache-log4j1.2 security update has been released for Debian GNU/Linux 8 LTS

Package : apache-log4j1.2
Version : 1.2.17-5+deb8u1
CVE ID : CVE-2019-17571
Debian Bug : 947124

Included in Log4j 1.2, a logging library for Java, is a SocketServer
class that is vulnerable to deserialization of untrusted data which can
be exploited to remotely execute arbitrary code when combined with a
deserialization gadget when listening to untrusted network traffic for
log data.

For Debian 8 "Jessie", this problem has been fixed in version
1.2.17-5+deb8u1.

We recommend that you upgrade your apache-log4j1.2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

SCALE 18x Last Day for Early Bird Pricing

Fedora 31 Update: libvpx-1.8.2-1.fc31

Windows

Software 42730
Fort Firewall 3.14.11 Test02 released
2024-11-07 08:44 by Philipp Esselbach
Windows 11 492
Windows 11 Insider Preview Build 27744 (Canary Channel) released
2024-11-07 06:54 by Philipp Esselbach
Microsoft 11795
Windows Package Manager 1.10.30 Preview released
2024-11-06 08:03 by Philipp Esselbach

Linux

KDE 1533
KDE Gear 24.08.3 released
2024-11-08 07:15 by Philipp Esselbach
KDE 1533
Kdenlive 24.08.3 released
2024-11-08 07:12 by Philipp Esselbach
Debian 10209
Context, Pypy3, Webkit2GTK updates for Debian
2024-11-08 07:09 by Philipp Esselbach

macOS

Apple 10241
watchOS 11.1 released
2024-10-28 18:36 by Philipp Esselbach
Apple 10241
iOS 18.1 and iPadOS 18.1 released
2024-10-28 18:36 by Philipp Esselbach
Apple 10241
tvOS 18.1 released
2024-10-28 18:36 by Philipp Esselbach

Community

dhamu
Hello Phil, I have a Linux Tutorial website that curre ...
StephanX
Hi friends, i am new in the Linux universe but i try to ...
Philipp
I would try the XanMod kernel: https://xanmod.org I ...