ELSA-2022-0442 - log4j security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2022-02-08

Description


[0:1.2.17-18]
- Fix Unsafe deserialization flaw in Chainsaw log viewer
- Fix SQL injection when application is configured to use JDBCAppender
- Fix remote code execution when application is configured to use JMSSink
- Resolves: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302


Related CVEs


CVE-2022-23302
CVE-2022-23305
CVE-2022-23307

Updated Packages


Release/Architecture      Filename                                  MD5sum                            Superseded By Advisory
Oracle Linux 7 (aarch64)  log4j-1.2.17-18.el7_4.src.rpm             096ab8cf88596bcb342b4cf9d59c64e1  -
Oracle Linux 7 (aarch64)  log4j-1.2.17-18.el7_4.noarch.rpm          1b07d7959f15e5ab463865225bda898d  -
Oracle Linux 7 (aarch64)  log4j-javadoc-1.2.17-18.el7_4.noarch.rpm  4d1903bf29d42600f21e3cb5c4644ee1  -
Oracle Linux 7 (aarch64)  log4j-manual-1.2.17-18.el7_4.noarch.rpm   bda2797774f4b6346e1be26bb7efc3dd  -
Oracle Linux 7 (x86_64)   log4j-1.2.17-18.el7_4.src.rpm             096ab8cf88596bcb342b4cf9d59c64e1  -
Oracle Linux 7 (x86_64)   log4j-1.2.17-18.el7_4.noarch.rpm          1b07d7959f15e5ab463865225bda898d  -
Oracle Linux 7 (x86_64)   log4j-javadoc-1.2.17-18.el7_4.noarch.rpm  4d1903bf29d42600f21e3cb5c4644ee1  -
Oracle Linux 7 (x86_64)   log4j-manual-1.2.17-18.el7_4.noarch.rpm   bda2797774f4b6346e1be26bb7efc3dd  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.