Ubuntu Security Notice 5223-1 - It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.
7e6ac7124cb81b224f23e6ce58a4e4ec43fbed1ad62e5886a43476ddc00824af