Alerts This Week
Warning Icon 1 1,146
Alerts This Week
Warning Icon 1 1,146

Debian 11: apache-log4j2 Critical MitM TLS Issue DLA-4444-1 CVE-2025-68161

debian lts
Calendar Grey January 19, 2026
Dist Debian Esm H88
Apache Log4j2 update fixes man-in-the-middle threat allowing log traffic interception. Upgrade to secure your system.
In Apache Log4j2, a Java Logging Framework, the Socket Appender does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attri...

Summary

For Debian 11 bullseye, this problem has been fixed in version
2.17.1-1~deb11u2.

We recommend that you upgrade your apache-log4j2 packages.

For the detailed security status of apache-log4j2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/apache-log4j2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
critical
Lowest
Low
Medium
High
Critical

Package: apache-log4j2
Version: 2.17.1-1~deb11u2
CVE ID: CVE-2025-68161
Debian Bug: 1123744

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here