==========================================================================
Ubuntu Security Notice USN-4495-1
September 15, 2020

Apache Log4j vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Apache Log4j could be made to remotely execute arbitrary code if it
received specially crafted log data.

Software Description:
- apache-log4j1.2: Java-based open-source logging tool

Details:

It was discovered that Apache Log4j does not properly deserialize
untrusted data. An attacker could possibly use this issue to remotely
execute arbitrary code. (CVE-2019-17571)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  liblog4j1.2-java                1.2.17-8+deb10u1build0.18.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4495-1
  CVE-2019-17571

Package Information:

https://launchpad.net/ubuntu/+source/apache-log4j1.2/1.2.17-8+deb10u1build0.18.04.1