Apache Log4j could be made to run programs as your login if it opened a
specially crafted file.
Software Description:
- apache-log4j1.2: Java-based open-source logging tool
Details:
It was discovered that several deserialization issues existed within Apache
Log4j. An attacker could possibly use these issues to enable the execution
of arbitrary code. (CVE-2022-23302, CVE-2022-23305, CVE-2022-23307)
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
liblog4j1.2-java 1.2.17-4ubuntu3+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7590-1
CVE-2022-23302, CVE-2022-23305, CVE-2022-23307