| Revision Date: | 2021-12-15 | Version: | 1 |
| Title: | (Important) |
| Description: |
This update for log4j fixes the following issue:
CVE-2021-44228: The previously published fix by upstream turned out to be incomplete. Therefore, upstream has recommended disabling JNDI support in log4j by default to be completely sure that this vulnerability cannot be exploited.
This update implements that recommendation and disables JNDI support by default. [bsc#1193611, CVE-2021-44228]
CVE-2021-45046: A Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack is also fixed by disabling JNDI support by default (bsc#1193743)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1193611
1193743
CVE-2017-15631
CVE-2021-44228
CVE-2021-45046
|
| Platform(s): | Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND yubikey-manager-2.1.0-1.10 is installed
|
| Definition Synopsis |
| Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE is installed
AND Package Information
log4j-2.13.0-4.6.1 is installed
OR log4j-slf4j-2.13.0-4.6.1 is installed
|