OESA-2021-1462

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1462
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1462.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1462
Upstream
Published
2021-12-11T11:03:24Z
Modified
2025-08-12T05:10:39.897012Z
Summary
log4j security update
Details

Java logging package.

Security Fix(es):

The details of a high-risk vulnerability in Apache Log4j2 have been disclosed. Attackers can use the vulnerability to execute code remotely. Some reports carry suspected POC; Apache Log4j2 is a Java-based logging tool. This tool rewrites the Log4j framework and introduces a large number of rich features. The log framework is widely used in business system development to record log information. In most cases, developers may write error messages caused by user input into the log. The trigger condition of this vulnerability is that as long as the data input by external users will be recorded in the log, it can cause remote code execution.(CVE-2021-44228)

Database specific 
{
    "severity": "Critical"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / log4j

Package

Name
log4j
Purl
pkg:rpm/openEuler/log4j&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.13.2-2.oe1

Ecosystem specific 

{
    "src": [
        "log4j-2.13.2-2.oe1.src.rpm"
    ],
    "noarch": [
        "log4j-2.13.2-2.oe1.noarch.rpm",
        "log4j-bom-2.13.2-2.oe1.noarch.rpm",
        "log4j-help-2.13.2-2.oe1.noarch.rpm",
        "log4j-jcl-2.13.2-2.oe1.noarch.rpm",
        "log4j-jmx-gui-2.13.2-2.oe1.noarch.rpm",
        "log4j-nosql-2.13.2-2.oe1.noarch.rpm",
        "log4j-slf4j-2.13.2-2.oe1.noarch.rpm ",
        "log4j-taglib-2.13.2-2.oe1.noarch.rpm",
        "log4j-web-2.13.2-2.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / log4j

Package

Name
log4j
Purl
pkg:rpm/openEuler/log4j&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.13.2-2.oe1

Ecosystem specific 

{
    "src": [
        "log4j-2.13.2-2.oe1.src.rpm"
    ],
    "noarch": [
        "log4j-2.13.2-2.oe1.noarch.rpm",
        "log4j-bom-2.13.2-2.oe1.noarch.rpm",
        "log4j-help-2.13.2-2.oe1.noarch.rpm",
        "log4j-jcl-2.13.2-2.oe1.noarch.rpm",
        "log4j-jmx-gui-2.13.2-2.oe1.noarch.rpm",
        "log4j-nosql-2.13.2-2.oe1.noarch.rpm",
        "log4j-slf4j-2.13.2-2.oe1.noarch.rpm ",
        "log4j-taglib-2.13.2-2.oe1.noarch.rpm",
        "log4j-web-2.13.2-2.oe1.noarch.rpm"
    ]
}