Gentoo Linux Security Advisory 202402-16 - Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution. Versions less than or equal to 1.2.17 are affected.
79e0825715a2197c39850bba10de0d238187f4c93dcdf24c6b31b702cdb3131eUbuntu Security Notice 5998-1 - It was discovered that the SocketServer component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that the JMSSink component of Apache Log4j 1.2 incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code.
0e9670eb797b9ec131a46bb75f321c8da3450087baa95b89a755d534ca79e9f4Red Hat Security Advisory 2022-5053-01 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Issues addressed include a deserialization vulnerability.
d6aae2486a87548e2da8656185a8bb2c62d41cf92abd190bf4dbc8bea522c0e8Red Hat Security Advisory 2022-0507-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This Service Pack release of Red Hat JBoss Data Virtualization 6.4.8.SP2 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.8 and Red Hat JBoss Data Virtualization 6.4.8.SP1, and mitigates the impact of the log4j CVE's referenced in this document by removing the affected classes from the patch. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
fbe91d1bc3ed2e3fbb1fa5ff2f36ba68eca8d2c1b922285bb6706923bbca97ffRed Hat Security Advisory 2022-0497-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. This Service Pack release of Red Hat JBoss Data Virtualization 6.4.8.SP1 serves as a replacement for Red Hat JBoss Data Virtualization 6.4.8, and mitigates the impact of the log4j CVE's referenced in this document by removing the affected classes from the patch. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
6c39fe299319c65184c9323080800c96f0b6e163fb623cde6dac60e579651689Ubuntu Security Notice 4495-1 - It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code.
d53f82097b8b22273ce0af7583c015d35c35509bef10c5df372286782ec1f909Debian Linux Security Advisory 4686-1 - It was discovered that the SocketServer class included in apache-log4j1.2, a logging library for java, is vulnerable to deserialization of untrusted data. An attacker can take advantage of this flaw to execute arbitrary code in the context of the logger application by sending a specially crafted log event.
b7652cf3e1c98d44b0475cd461748855ac6cb1cda2d39aaf078852e016be5ce0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed