Several security issues were fixed in logback.
Software Description:
- logback: A reliable, generic, fast and flexible logging library for Java
Details:
It was discovered that logback could read malicious configuration files
from LDAP servers. An attacker with the required permissions could possibly
use this issue to execute arbitrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-42550) It was
discovered that logback contained a serialization vulnerability. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-6378)
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
liblogback-java 1:1.2.10-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
liblogback-java 1:1.2.3-5ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
liblogback-java 1:1.2.3-2ubuntu1~18.04.1+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
liblogback-java 1:1.1.3-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-7616-1
CVE-2021-42550, CVE-2023-6378
Get the latest Linux and open source security news straight to your inbox.