Apache Log4j vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 18.04 LTS
Summary
Apache Log4j could be made to remotely execute arbitrary code if
it received specially crafted log data.
Software Description
* apache-log4j1.2 - Java-based open-source logging tool
Details
It was discovered that Apache Log4j does not properly deserialize
untrusted data. An attacker could possibly use this issue to
remotely execute arbitrary code. (CVE-2019-17571)
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 18.04 LTS
liblog4j1.2-java - 1.2.17-8+deb10u1build0.18.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary
changes.
References
* CVE-2019-17571
--- Mystic BBS v1.12 A45 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)
Sysop: | echicken |
---|---|
Location: | Toronto, Ontario |
Users: | 2,224 |
Nodes: | 6 (0 / 6) |
Uptime: | 14:54:21 |
Calls: | 14,143 |
Files: | 295 |
Messages: | 551,310 |