Oval Definition:	oval:org.opensuse.security:def:67356
Revision Date: 2021-12-15 Version: 1 Title: Security update for log4j (Important) Description: This update for log4j fixes the following issue: CVE-2021-44228: The previously published fix by upstream turned out to be incomplete. Therefore, upstream has recommended disabling JNDI support in log4j by default to be completely sure that this vulnerability cannot be exploited. This update implements that recommendation and disables JNDI support by default. [bsc#1193611, CVE-2021-44228] CVE-2021-45046: A Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack is also fixed by disabling JNDI support by default (bsc#1193743) Family: unix Class: patch Status: Reference(s): 1166844 1168994 1173812 1174463 1174570 1193611 1193743 CVE-2020-10531 CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15706 CVE-2020-15707 CVE-2021-44228 CVE-2021-45046 SUSE-SU-2020:2074-1 Platform(s): SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP2 Product(s): Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information icu-60.2-3.9 is installed OR libicu60_2-32bit-60.2-3.9 is installed OR libicu60_2-bedata-60.2-3.9 is installed OR libicu60_2-ledata-60.2-3.9 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed AND Package Information grub2-2.04-9.7 is installed OR grub2-x86_64-xen-2.04-9.7 is installed
BACK