Oval Definition:
oval:org.opensuse.security:def:118745
Revision Date
:
2022-01-28
Version
:
1
Title
:
Security update for log4j12 (Important)
Description
:
This update for log4j12 fixes the following issues:
- CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844) - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843) - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842)
Family
:
unix
Class
:
patch
Status
:
Reference(s)
:
1193184
1194842
1194843
1194844
CVE-2022-23302
CVE-2022-23305
CVE-2022-23307
SUSE-SU-2022:0226-1
Platform(s)
:
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
Product(s)
:
Definition Synopsis
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS is installed
AND
Package Information
log4j12-1.2.17-4.9.1 is installed
OR
log4j12-javadoc-1.2.17-4.9.1 is installed
OR
log4j12-manual-1.2.17-4.9.1 is installed
BACK