Synopsis:          Moderate: log4j security update
Advisory ID:       SLSA-2021:5206-1
Issue Date:        2021-12-20
CVE Numbers:       CVE-2021-4104
--

Security Fix(es):

* log4j: Remote code execution in Log4j 1.x when application is configured
to use JMSAppender (CVE-2021-4104)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
--

SL7
  x86_64
    log4j-debuginfo-1.2.14-6.5.el6_10.x86_64.rpm
  i386
    log4j-debuginfo-1.2.14-6.5.el6_10.i686.rpm
  noarch
    log4j-1.2.17-17.el7_4.noarch.rpm
    log4j-javadoc-1.2.17-17.el7_4.noarch.rpm
    log4j-manual-1.2.17-17.el7_4.noarch.rpm
    log4j-1.2.17-16.el7_3.noarch.rpm
    log4j-javadoc-1.2.17-16.el7_3.noarch.rpm
    log4j-manual-1.2.17-16.el7_3.noarch.rpm
    log4j-1.2.17-17.el7_4.src.rpm

- Scientific Linux Development Team