Oval Definition: oval:org.opensuse.security:def:67359
Revision Date: 2021-12-17
Version: 1
Title: Security update for logback (Important)
Description:

This update for logback fixes the following issues:

Upgrade to version 1.2.8

+ In response to log4Shell/CVE-2021-44228, all JNDI lookup code in logback has been disabled until further notice. This impacts ContextJNDISelector and the insertFromJNDI element in configuration files.
+ Also in response to log4Shell/CVE-2021-44228, all database (JDBC) related code in the project has been removed with no replacement.
+ Note that the vulnerability mentioned in LOGBACK-1591 requires write access to logback's configuration file as a prerequisite. The log4Shell/CVE-2021-44228 and LOGBACK-1591 are of different severity levels. A successful RCE requires all of the following conditions to be met:
  - write access to logback.xml
  - use of versions lower than 1.2.8
  - reloading of poisoned configuration data, which implies application restart or scan='true' set prior to attack
Family: unix
Class: patch
Status:
Reference(s):
1160968
1161883
1169511
1171352
1172277
1174458
1193795
CVE-2019-2949
CVE-2020-14339
CVE-2020-2654
CVE-2020-2754
CVE-2020-2755
CVE-2020-2756
CVE-2020-2757
CVE-2020-2781
CVE-2020-2800
CVE-2020-2803
CVE-2020-2805
CVE-2020-2830
CVE-2021-44228
SUSE-SU-2020:1684-1
SUSE-SU-2020:2269-1
Platform(s):
SUSE Linux Enterprise Module for Legacy Software 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3
SUSE Linux Enterprise Module for Server Applications 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 SP2 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr6.10-3.38 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr6.10-3.38 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr6.10-3.38 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr6.10-3.38 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed
  • AND Package Information
  • libvirt-6.0.0-13.3 is installed
  • OR libvirt-admin-6.0.0-13.3 is installed
  • OR libvirt-bash-completion-6.0.0-13.3 is installed
  • OR libvirt-client-6.0.0-13.3 is installed
  • OR libvirt-daemon-6.0.0-13.3 is installed
  • OR libvirt-daemon-config-network-6.0.0-13.3 is installed
  • OR libvirt-daemon-config-nwfilter-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-interface-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-libxl-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-lxc-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-network-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-nodedev-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-nwfilter-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-qemu-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-secret-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-storage-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-storage-core-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-storage-disk-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-storage-iscsi-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-storage-logical-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-storage-mpath-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-storage-rbd-6.0.0-13.3 is installed
  • OR libvirt-daemon-driver-storage-scsi-6.0.0-13.3 is installed
  • OR libvirt-daemon-hooks-6.0.0-13.3 is installed
  • OR libvirt-daemon-lxc-6.0.0-13.3 is installed
  • OR libvirt-daemon-qemu-6.0.0-13.3 is installed
  • OR libvirt-daemon-xen-6.0.0-13.3 is installed
  • OR libvirt-devel-6.0.0-13.3 is installed
  • OR libvirt-doc-6.0.0-13.3 is installed
  • OR libvirt-lock-sanlock-6.0.0-13.3 is installed
  • OR libvirt-nss-6.0.0-13.3 is installed