Mageia 8: 2021-0556 Moderate: Apache Log4j Code Execution Alert
mageia
December 10, 2021
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints
Summary
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages,
and parameters do not protect against attacker controlled LDAP and other
JNDI related endpoints. An attacker who can control log messages or log
message parameters can execute arbitrary code loaded from LDAP serverswhen message lookup substitution is enabled. From log4j 2.15.0, this
behavior has been disabled by default. (CVE-2021-44228)
References
- https://bugs.mageia.org/show_bug.cgi?id=29753
- https://www.openwall.com/lists/oss-security/2021/12/10/1
- https://www.cve.org/CVERecord?id=CVE-2021-44228
Topics Covered
Resolution
SRPMS
- 8/core/log4j-2.13.3-1.1.mga8
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 11 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0556.html
Type: security
CVE: CVE-2021-44228
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!