Oval Definition:oval:org.opensuse.security:def:6270
Revision Date:2021-12-17Version:1
Title:Security update for logback (Important)
Description:

This update for logback fixes the following issues:

Upgrade to version 1.2.8

+ In response to log4Shell/CVE-2021-44228, all JNDI lookup code in logback has been disabled until further notice. This impacts ContextJNDISelector and insertFromJNDI element in configuration files. + Also in response to log4Shell/CVE-2021-44228, all database (JDBC) related code in the project has been removed with no replacement. + Note that the vulnerability mentioned in LOGBACK-1591 requires write access to logback's configuration file as a prerequisite. The log4Shell/CVE-2021-44228 and LOGBACK-1591 are of different severity levels. A successful RCE requires all of the following conditions to be met: - write access to logback.xml - use of versions lower then 1.2.8 - reloading of poisoned configuration data, which implies application restart or scan='true' set prior to attack
Family:unixClass:patch
Status:Reference(s):1193795
CVE-2009-2285
CVE-2009-2347
CVE-2010-1205
CVE-2010-2065
CVE-2010-2067
CVE-2010-2233
CVE-2010-2240
CVE-2010-2640
CVE-2010-2641
CVE-2010-2642
CVE-2010-2643
CVE-2010-2891
CVE-2010-4651
CVE-2010-4665
CVE-2011-0192
CVE-2011-1167
CVE-2011-2501
CVE-2011-3026
CVE-2011-3045
CVE-2011-3048
CVE-2011-3635
CVE-2012-1173
CVE-2012-2113
CVE-2012-3386
CVE-2012-3401
CVE-2012-3466
CVE-2012-4564
CVE-2013-1940
CVE-2013-1960
CVE-2013-1961
CVE-2013-4231
CVE-2013-4232
CVE-2013-4243
CVE-2013-4244
CVE-2013-4396
CVE-2013-6424
CVE-2013-7353
CVE-2013-7354
CVE-2014-0011
CVE-2014-2497
CVE-2014-8091
CVE-2014-8092
CVE-2014-8093
CVE-2014-8094
CVE-2014-8095
CVE-2014-8096
CVE-2014-8097
CVE-2014-8098
CVE-2014-8099
CVE-2014-8100
CVE-2014-8101
CVE-2014-8102
CVE-2014-8103
CVE-2014-8127
CVE-2014-8128
CVE-2014-8129
CVE-2014-8130
CVE-2014-8240
CVE-2014-8962
CVE-2014-9028
CVE-2014-9622
CVE-2014-9655
CVE-2014-9709
CVE-2015-0255
CVE-2015-0255
CVE-2015-1196
CVE-2015-1395
CVE-2015-1396
CVE-2015-1547
CVE-2015-3164
CVE-2015-3418
CVE-2015-7554
CVE-2015-7981
CVE-2015-8126
CVE-2015-8370
CVE-2015-8540
CVE-2015-8665
CVE-2015-8683
CVE-2015-8781
CVE-2015-8782
CVE-2015-8783
CVE-2016-10087
CVE-2016-10095
CVE-2016-10166
CVE-2016-10167
CVE-2016-10168
CVE-2016-10266
CVE-2016-10267
CVE-2016-10268
CVE-2016-10269
CVE-2016-10270
CVE-2016-10271
CVE-2016-10272
CVE-2016-10371
CVE-2016-10713
CVE-2016-1602
CVE-2016-3186
CVE-2016-3622
CVE-2016-3623
CVE-2016-3632
CVE-2016-3658
CVE-2016-3945
CVE-2016-3990
CVE-2016-3991
CVE-2016-5116
CVE-2016-5314
CVE-2016-5316
CVE-2016-5317
CVE-2016-5318
CVE-2016-5319
CVE-2016-5320
CVE-2016-5321
CVE-2016-5323
CVE-2016-5652
CVE-2016-5875
CVE-2016-6128
CVE-2016-6132
CVE-2016-6161
CVE-2016-6207
CVE-2016-6214
CVE-2016-6318
CVE-2016-6905
CVE-2016-6906
CVE-2016-6911
CVE-2016-6912
CVE-2016-7568
CVE-2016-8331
CVE-2016-8670
CVE-2016-9273
CVE-2016-9297
CVE-2016-9317
CVE-2016-9448
CVE-2016-9453
CVE-2016-9538
CVE-2016-9933
CVE-2017-11613
CVE-2017-12176
CVE-2017-12183
CVE-2017-12187
CVE-2017-13721
CVE-2017-13723
CVE-2017-16232
CVE-2017-17942
CVE-2017-17973
CVE-2017-18013
CVE-2017-18266
CVE-2017-2624
CVE-2017-5225
CVE-2017-6362
CVE-2017-7592
CVE-2017-7593
CVE-2017-7594
CVE-2017-7595
CVE-2017-7596
CVE-2017-7597
CVE-2017-7598
CVE-2017-7599
CVE-2017-7600
CVE-2017-7601
CVE-2017-7602
CVE-2017-9403
CVE-2017-9404
CVE-2017-9935
CVE-2017-9936
CVE-2018-1000156
CVE-2018-1000222
CVE-2018-10779
CVE-2018-10963
CVE-2018-14665
CVE-2018-16335
CVE-2018-17100
CVE-2018-17101
CVE-2018-17795
CVE-2018-5711
CVE-2018-5784
CVE-2018-6951
CVE-2018-7456
CVE-2018-8905
CVE-2021-44228
Platform(s):openSUSE 13.1
openSUSE 13.1 NonFree
openSUSE 13.2
openSUSE 13.2 NonFree
openSUSE Leap 42.1
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
SUSE Linux Enterprise Build System Kit 12 SP2
SUSE Linux Enterprise Build System Kit 12 SP3
SUSE Linux Enterprise Build System Kit 12 SP4
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise for SAP 12 SP1
SUSE Linux Enterprise for SAP 12 SP2
SUSE Linux Enterprise High Availability 12 SP3
SUSE Linux Enterprise High Availability 12 SP5
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Live Patching 12 SP3
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE Linux Enterprise Module for Legacy Software 12
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Point of Sale 12 SP2
SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for VMWare 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE OpenStack Cloud 6
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Build System Kit 12 SP2 is installed
  • AND kernel-zfcpdump-4.4.74-92.35 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Build System Kit 12 SP3 is installed
  • AND kernel-zfcpdump-4.4.82-6.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Build System Kit 12 SP4 is installed
  • AND Package Information
  • libreoffice-6.0.5.2-43.38 is installed
  • OR libreoffice-sdk-6.0.5.2-43.38 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • cups-1.3.9-8.46.48.1 is installed
  • OR cups-client-1.3.9-8.46.48.1 is installed
  • OR cups-libs-1.3.9-8.46.48.1 is installed
  • OR cups-libs-32bit-1.3.9-8.46.48.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-31.8.0esr-0.10.1 is installed
  • OR MozillaFirefox-translations-31.8.0esr-0.10.1 is installed
  • OR libfreebl3-3.19.2_CKBI_1.98-0.10.1 is installed
  • OR libfreebl3-32bit-3.19.2_CKBI_1.98-0.10.1 is installed
  • OR libsoftokn3-3.19.2_CKBI_1.98-0.10.1 is installed
  • OR libsoftokn3-32bit-3.19.2_CKBI_1.98-0.10.1 is installed
  • OR mozilla-nspr-4.10.8-0.5.1 is installed
  • OR mozilla-nspr-32bit-4.10.8-0.5.1 is installed
  • OR mozilla-nss-3.19.2_CKBI_1.98-0.10.1 is installed
  • OR mozilla-nss-32bit-3.19.2_CKBI_1.98-0.10.1 is installed
  • OR mozilla-nss-tools-3.19.2_CKBI_1.98-0.10.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • tigervnc-1.3.0-22 is installed
  • OR xorg-x11-Xvnc-1.3.0-22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • MozillaFirefox-38.5.0esr-54 is installed
  • OR MozillaFirefox-translations-38.5.0esr-54 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • cracklib-2.9.0-7 is installed
  • OR libcrack2-2.9.0-7 is installed
  • OR libcrack2-32bit-2.9.0-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • empathy-3.12.13-8.3 is installed
  • OR empathy-lang-3.12.13-8.3 is installed
  • OR telepathy-mission-control-plugin-goa-3.12.13-8.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise for SAP 12 SP1 is installed
  • AND Package Information
  • kgraft-patch-3_12_69-60_64_29-default-5-3 is installed
  • OR kgraft-patch-3_12_69-60_64_29-xen-5-3 is installed
  • OR kgraft-patch-SLE12-SP1_Update_12-5-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise for SAP 12 SP2 is installed
  • AND Package Information
  • compat-openssl098-0.9.8j-105.1 is installed
  • OR libopenssl0_9_8-0.9.8j-105.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • AND ctdb-4.6.5+git.27.6afd48b1083-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP5 is installed
  • AND lighttpd-1.4.35-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
  • AND apache-commons-httpclient-3.1-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Live Patching 12 is installed
  • AND Package Information
  • kgraft-patch-4_4_21-90-default-8-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_3-8-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Live Patching 12 SP3 is installed
  • AND Package Information
  • kgraft-patch-4_4_82-6_9-default-2-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_3-2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed
  • AND facter-2.0.2-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 12 is installed
  • AND Package Information
  • libopenssl0_9_8-0.9.8j-59 is installed
  • OR libopenssl0_9_8-32bit-0.9.8j-59 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 12 is installed
  • AND Package Information
  • kernel-ec2-3.12.38-44 is installed
  • OR kernel-ec2-devel-3.12.38-44 is installed
  • OR kernel-ec2-extra-3.12.38-44 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 12 is installed
  • AND Package Information
  • nodejs4-4.5.0-5 is installed
  • OR nodejs4-devel-4.5.0-5 is installed
  • OR nodejs4-docs-4.5.0-5 is installed
  • OR npm4-4.5.0-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Point of Sale 12 SP2 is installed
  • AND Package Information
  • salt-2016.11.4-46.10 is installed
  • OR salt-minion-2016.11.4-46.10 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT is installed
  • AND Package Information
  • glibc-2.22-62.13 is installed
  • OR glibc-32bit-2.22-62.13 is installed
  • OR glibc-devel-2.22-62.13 is installed
  • OR glibc-devel-32bit-2.22-62.13 is installed
  • OR glibc-html-2.22-62.13 is installed
  • OR glibc-i18ndata-2.22-62.13 is installed
  • OR glibc-info-2.22-62.13 is installed
  • OR glibc-locale-2.22-62.13 is installed
  • OR glibc-locale-32bit-2.22-62.13 is installed
  • OR glibc-profile-2.22-62.13 is installed
  • OR glibc-profile-32bit-2.22-62.13 is installed
  • OR nscd-2.22-62.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP1 is installed
  • AND Package Information
  • postgresql-8.3.9-0.1.1 is installed
  • OR postgresql-contrib-8.3.9-0.1.1 is installed
  • OR postgresql-docs-8.3.9-0.1.1 is installed
  • OR postgresql-libs-8.3.9-0.1.1 is installed
  • OR postgresql-libs-32bit-8.3.9-0.1.1 is installed
  • OR postgresql-libs-x86-8.3.9-0.1.1 is installed
  • OR postgresql-server-8.3.9-0.1.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP2 is installed
  • AND Package Information
  • NetworkManager-0.7.1_git20090811-3.20.5 is installed
  • OR NetworkManager-glib-0.7.1_git20090811-3.20.5 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND
  • libopenssl0_9_8-0.9.8j-0.66.1 is installed
  • OR libopenssl0_9_8-32bit-0.9.8j-0.66.1 is installed
  • OR libopenssl0_9_8-hmac-0.9.8j-0.66.1 is installed
  • OR libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1 is installed
  • OR libopenssl0_9_8-x86-0.9.8j-0.66.1 is installed
  • OR openssl-0.9.8j-0.66.1 is installed
  • OR openssl-doc-0.9.8j-0.66.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for VMWare 11 SP3 is installed
  • AND
  • libopenssl0_9_8-0.9.8j-0.66.1 is installed
  • OR libopenssl0_9_8-32bit-0.9.8j-0.66.1 is installed
  • OR libopenssl0_9_8-hmac-0.9.8j-0.66.1 is installed
  • OR libopenssl0_9_8-hmac-32bit-0.9.8j-0.66.1 is installed
  • OR libopenssl0_9_8-x86-0.9.8j-0.66.1 is installed
  • OR openssl-0.9.8j-0.66.1 is installed
  • OR openssl-doc-0.9.8j-0.66.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND Package Information
  • apache2-2.2.12-1.38.2 is installed
  • OR apache2-doc-2.2.12-1.38.2 is installed
  • OR apache2-example-pages-2.2.12-1.38.2 is installed
  • OR apache2-prefork-2.2.12-1.38.2 is installed
  • OR apache2-utils-2.2.12-1.38.2 is installed
  • OR apache2-worker-2.2.12-1.38.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND Package Information
  • bind-9.9.6P1-0.5.5 is installed
  • OR bind-chrootenv-9.9.6P1-0.5.5 is installed
  • OR bind-doc-9.9.6P1-0.5.5 is installed
  • OR bind-libs-9.9.6P1-0.5.5 is installed
  • OR bind-libs-32bit-9.9.6P1-0.5.5 is installed
  • OR bind-libs-x86-9.9.6P1-0.5.1 is installed
  • OR bind-utils-9.9.6P1-0.5.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 is installed
  • AND Package Information
  • apache2-2.4.10-6 is installed
  • OR apache2-doc-2.4.10-6 is installed
  • OR apache2-example-pages-2.4.10-6 is installed
  • OR apache2-prefork-2.4.10-6 is installed
  • OR apache2-utils-2.4.10-6 is installed
  • OR apache2-worker-2.4.10-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • bind-9.9.6P1-30 is installed
  • OR bind-chrootenv-9.9.6P1-30 is installed
  • OR bind-doc-9.9.6P1-30 is installed
  • OR bind-libs-9.9.6P1-30 is installed
  • OR bind-libs-32bit-9.9.6P1-30 is installed
  • OR bind-utils-9.9.6P1-30 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND apache2-mod_jk-1.2.40-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • aaa_base-13.2+git20140911.61c1681-36 is installed
  • OR aaa_base-extras-13.2+git20140911.61c1681-36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • apache-commons-beanutils-1.9.2-1 is installed
  • OR apache-commons-beanutils-javadoc-1.9.2-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_51-52_34-default-5-2.2 is installed
  • OR kgraft-patch-3_12_51-52_34-xen-5-2.2 is installed
  • OR kgraft-patch-SLE12_Update_10-5-2.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND Package Information
  • xorg-x11-server-7.6_1.18.3-57 is installed
  • OR xorg-x11-server-extra-7.6_1.18.3-57 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 is installed
  • AND clamav-0.100.3-33.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • AND Package Information
  • compat-openssl098-0.9.8j-106.6 is installed
  • OR libopenssl0_9_8-0.9.8j-106.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP2 is installed
  • AND Package Information
  • ghostscript-devel-8.62-32.34.1 is installed
  • OR ghostscript-ijs-devel-8.62-32.34.1 is installed
  • OR libgimpprint-devel-4.2.7-32.34.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP3 is installed
  • AND MozillaFirefox-devel-17.0.9esr-0.7.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND Package Information
  • e2fsprogs-devel-1.41.9-2.14.3 is installed
  • OR libcom_err-devel-1.41.9-2.14.3 is installed
  • OR libcom_err-devel-32bit-1.41.9-2.14.3 is installed
  • OR libext2fs-devel-1.41.9-2.14.3 is installed
  • OR libext2fs-devel-32bit-1.41.9-2.14.3 is installed
  • OR libext2fs2-32bit-1.41.9-2.14.3 is installed
  • OR libext2fs2-x86-1.41.9-2.14.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 is installed
  • AND Package Information
  • firebird-devel-2.5.2.26539-13 is installed
  • OR libfbembed-devel-2.5.2.26539-13 is installed
  • OR libfbembed2_5-2.5.2.26539-13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP1 is installed
  • AND MozillaFirefox-devel-38.4.0esr-51 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP2 is installed
  • AND MozillaFirefox-devel-45.4.0esr-81 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP3 is installed
  • AND LibVNCServer-devel-0.9.9-16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
  • AND apache-pdfbox-1.8.12-3.5 is installed
    • BACK