Friday, January 14, 2022

Ubuntu Security Notice USN-5223-1

Ubuntu Security Notice USN-5223-1
January 12, 2022

apache-log4j1.2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS


Apache Log4j 1.2 could be made to crash or run programs if it received specially
crafted input.

Software Description:
- apache-log4j1.2: Java-based open-source logging tool


It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of
untrusted data if the configuration file was editable. An attacker could use
this vulnerability to cause a DoS or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
liblog4j1.2-java 1.2.17-10ubuntu0.21.10.1

Ubuntu 21.04:
liblog4j1.2-java 1.2.17-10ubuntu0.21.04.1

Ubuntu 20.04 LTS:
liblog4j1.2-java 1.2.17-9ubuntu0.1

Ubuntu 18.04 LTS:
liblog4j1.2-java 1.2.17-8+deb10u1ubuntu0.1

In general, a standard system update will make all the necessary changes.


Package Information:

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore