CVE-2021-44228: The previously published fix by upstream turned out to be incomplete. Therefore, upstream has recommended disabling JNDI support in log4j by default to be completely sure that this vulnerability cannot be exploited.
This update implements that recommendation and disables JNDI support by default. [bsc#1193611, CVE-2021-44228]
CVE-2021-45046: A Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack is also fixed by disabling JNDI support by default (bsc#1193743)
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1