Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 34 FEDORA-2021-66d6c484f3 Critical: Log4j RCE Patch

fedora
Calendar Grey December 21, 2021
Dist Fedora Esm H88
The latest release introduces log4j 2.16.0 to mitigate serious security flaws, enhancing protection in Fedora environments.
This update provides log4j 2.16.0, to address the critical vulnerability CVE-2021-44228 ("Log4Shell")

Summary

Jansi is a small java library that allows you to use ANSI escape sequences

in your Java console applications. It implements ANSI support on platforms

which don't support it like Windows and provides graceful degradation for

when output is being sent to output devices which cannot support ANSI sequences.

This update provides log4j 2.16.0, to address the critical vulnerability

CVE-2021-44228 ("Log4Shell"). Note with 2.16.0, JNDI is entirely disabled by

default; to use it, you must set `log4j2.enableJndi` (please carefully consider

potential security issues before doing so). The updated jansi adds (back) a

feature, `AnsiRenderer`, which the newer log4j requires; this is the only change

to jansi. For other changes in log4j 2.16.0, see the [upstream

changelog]().

Most changes are compatible enhancements or bug fixes, but there may be some

behaviour changes.

* Mon Dec 13 2021 Adam Williamson - 2.1.1-4

- Backport patch to bring back AnsiRenderer

[ 1 ] Bug #2030945 - CVE-2021-44228 log4j: log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2030945

su -c 'dnf upgrade --advisory FEDORA-2021-66d6c484f3' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory update critical Fedora RCE Log4j JNDI

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 34
Version: 2.1.1
Release: 4.fc34
URL: http://fusesource.github.io/jansi/
Summary: Generate and interpret ANSI escape sequences in Java

Topics%20covered

Topics Covered

security advisory update critical Fedora RCE Log4j JNDI

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here