Oval Definition:	oval:org.opensuse.security:def:111837
Revision Date: 2021-12-15 Version: 1 Title: Security update for log4j (Important) Description: This update for log4j fixes the following issue: CVE-2021-44228: The previously published fix by upstream turned out to be incomplete. Therefore, upstream has recommended disabling JNDI support in log4j by default to be completely sure that this vulnerability cannot be exploited. This update implements that recommendation and disables JNDI support by default. [bsc#1193611, CVE-2021-44228] CVE-2021-45046: A Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack is also fixed by disabling JNDI support by default (bsc#1193743) Family: unix Class: patch Status: Reference(s): 1193611 1193743 CVE-2021-44228 CVE-2021-45046 openSUSE-SU-2021:4094-1 Platform(s): openSUSE Leap 15.3 Product(s): Definition Synopsis openSUSE Leap 15.3 is installed AND Package Information log4j-2.13.0-4.6.1 is installed OR log4j-javadoc-2.13.0-4.6.1 is installed OR log4j-jcl-2.13.0-4.6.1 is installed OR log4j-slf4j-2.13.0-4.6.1 is installed
BACK