Explore top 10 tips to secure your open-source projects now. Read More
×
Apache Log4net could made to expose sensitive information if it
received a specially crafted configuration file.
Software Description:
- log4net: Highly configurable logging API for the CLI log4net
Details:
It was discovered that Apache Log4net incorrectly handled certain configuration files.
An attacker could possibly use this issue to expose sensitive information.
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: liblog4net1.2-cil 1.2.10+dfsg-7ubuntu0.20.10.1 Ubuntu 20.04 LTS: liblog4net1.2-cil 1.2.10+dfsg-7ubuntu0.20.04.1 Ubuntu 18.04 LTS: liblog4net1.2-cil 1.2.10+dfsg-7ubuntu0.18.04.1 Ubuntu 16.04 LTS: liblog4net1.2-cil 1.2.10+dfsg-7ubuntu0.16.04.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4699-1
CVE-2018-1285
Get the latest Linux and open source security news straight to your inbox.