openSUSE-SU-2021:1586-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1586-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2021:1586-1

Related

CVE-2021-44228

Published

2021-12-15T08:27:49Z

Modified

2021-12-15T08:27:49Z

Summary

Security update for log4j

Details

This update for log4j fixes the following issue:

CVE-2021-44228: The previously published fix by upstream turned out to be incomplete. Therefore, upstream has recommended disabling JNDI support in log4j by default to be completely sure that this vulnerability cannot be exploited. This update implements that recommendation and disables JNDI support by default. [bsc#1193611, CVE-2021-44228]

This update was imported from the SUSE:SLE-15-SP2:Update update project.

References

Affected packages

openSUSE:Leap 15.2 / log4j

Package

Name: log4j
Purl: purl:rpm/suse/log4j&distro=openSUSE%20Leap%2015.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13.0-lp152.3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "log4j-jcl": "2.13.0-lp152.3.6.1",
            "log4j": "2.13.0-lp152.3.6.1",
            "log4j-javadoc": "2.13.0-lp152.3.6.1",
            "log4j-slf4j": "2.13.0-lp152.3.6.1"
        }
    ]
}