Oracle Linux Security Advisory ELSA-2022-0442 https://linux.oracle.com/errata/ELSA-2022-0442.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: log4j-1.2.17-18.el7_4.noarch.rpm log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm SRPMS: https://oss.oracle.com/ol7/SRPMS-updates/log4j-1.2.17-18.el7_4.src.rpm Related CVEs: CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 Description of changes: [0:1.2.17-18] - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remote code execution when application is configured to use JMSSink - Resolves: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302 _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
Oracle7: ELSA-2022-0442: log4j Important Security Update
Summary
Description of changes: [0:1.2.17-18] - Fix Unsafe deserialization flaw in Chainsaw log viewer - Fix SQL injection when application is configured to use JDBCAppender - Fix remote code execution when application is configured to use JMSSink - Resolves: CVE-2022-23307, CVE-2022-23305, CVE-2022-23302
i386
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm log4j-javadoc-1.2.17-18.el7_4.noarch.rpm log4j-manual-1.2.17-18.el7_4.noarch.rpm
SRPMS
https://oss.oracle.com/ol7/SRPMS-updates/log4j-1.2.17-18.el7_4.src.rpm
Severity
Related CVEs:
CVE-2022-23302
CVE-2022-23305
CVE-2022-23307
News
HOWTOs
Features
Best File & Disk Encryption Tools for Linux
Everything You Need to Know about Bug Bounties & How To Get Involved
Complete Guide to Keylogging in Linux: Part 1
What You Need to Know about the Sysrv-K Cryptomining Botnet in Less than a Minute
Strengthen Your Linux Endpoint Security & Zero Trust Strategy with Defense-in-Depth & Endpoint Encryption
About Us
Powered By
