Oval Definition:oval:org.opensuse.security:def:94421
Revision Date:2021-12-16Version:1
Title: (Important)
Description:

This update for log4j fixes the following issue:

- Previously published fixes for log4jshell turned out to be incomplete. Upstream has followed up on the original patch for CVE-2021-44228 with several additional changes (LOG4J2-3198, LOG4J2-3201, LOG4J2-3208, and LOG4J2-3211) that are included in this update. Since the totality of those patches is pretty much equivalent to an update to the latest version of log4j, we did update the package's tarball from version 2.13.0 to 2.16.0 instead of trying to apply those patches to the old version. This change brings in a new dependency on 'jakarta-servlet' and a version update of 'disruptor'. [bsc#1193743, CVE-2021-45046]
Family:unixClass:patch
Status:Reference(s):1151867
1193743
CVE-2019-16707
CVE-2021-44228
CVE-2021-45046
SUSE-SU-2020:2966-1
Platform(s):Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • hunspell-1.6.2-3.3.7 is installed
  • OR hunspell-devel-1.6.2-3.3.7 is installed
  • OR hunspell-tools-1.6.2-3.3.7 is installed
  • OR libhunspell-1_6-0-1.6.2-3.3.7 is installed
    • Definition Synopsis
  • Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE is installed
  • AND Package Information
  • log4j-2.16.0-4.10.1 is installed
  • OR log4j-slf4j-2.16.0-4.10.1 is installed
    • BACK