Oval Definition:	oval:org.opensuse.security:def:93784
Revision Date: 2021-12-16 Version: 1 Title: (Important) Description: This update for log4j fixes the following issue: - Previously published fixes for log4jshell turned out to be incomplete. Upstream has followed up on the original patch for CVE-2021-44228 with several additional changes (LOG4J2-3198, LOG4J2-3201, LOG4J2-3208, and LOG4J2-3211) that are included in this update. Since the totality of those patches is pretty much equivalent to an update to the latest version of log4j, we did update the package's tarball from version 2.13.0 to 2.16.0 instead of trying to apply those patches to the old version. This change brings in a new dependency on 'jakarta-servlet' and a version update of 'disruptor'. [bsc#1193743, CVE-2021-45046] Family: unix Class: patch Status: Reference(s): 1193743 CVE-2014-2497 CVE-2016-10166 CVE-2016-10167 CVE-2016-10168 CVE-2016-5116 CVE-2016-5766 CVE-2016-6128 CVE-2016-6132 CVE-2016-6207 CVE-2016-6214 CVE-2016-6905 CVE-2016-6912 CVE-2016-9317 CVE-2017-6362 CVE-2017-7890 CVE-2018-1000222 CVE-2018-14553 CVE-2018-5711 CVE-2019-11038 CVE-2019-6977 CVE-2019-6978 CVE-2021-44228 CVE-2021-45046 Platform(s): Image SLES15-SP4-Manager-Server-4-3-BYOS SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1 Product(s): Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND libgd3-2.2.5-9.1 is installed Definition Synopsis Image SLES15-SP4-Manager-Server-4-3-BYOS is installed AND Package Information log4j-2.16.0-4.10.1 is installed OR log4j-slf4j-2.16.0-4.10.1 is installed
BACK