Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
172
security advisorymoderateUbuntuUbuntu 20.04 LTS USN-4700-1 High: OpenSSL Security Vulnerability
Apache Log4net could made to expose sensitive information if it received a specially crafted configuration file.. =========================================================================Ubuntu Security Notice USN-4699-1 January 19, 2021 log4net vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Apache Log4net could made to expose sensitive information if it received a specially crafted configuration file. Software Description: - log4net: Highly configurable logging API for the CLI log4net Details: It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: liblog4net1.2-cil 1.2.10+dfsg-7ubuntu0.20.10.1 Ubuntu 20.04 LTS: liblog4net1.2-cil 1.2.10+dfsg-7ubuntu0.20.04.1 Ubuntu 18.04 LTS: liblog4net1.2-cil 1.2.10+dfsg-7ubuntu0.18.04.1 Ubuntu 16.04 LTS: liblog4net1.2-cil 1.2.10+dfsg-7ubuntu0.16.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-4699-1 CVE-2018-1285 Package Information: https://launchpad.net/ubuntu/+source/log4net/1.2.10+dfsg-7ubuntu0.20.10.1 https://launchpad.net/ubuntu/+source/log4net/1.2.10+dfsg-7ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/log4net/1.2.10+dfsg-7ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/log4net/1.2.10+dfsg-7ubuntu0.16.04.1 . Improper setup of Apache Log4net on Ubuntu can lead to the exposure of confidential data. Steps for correction are outlined.. Apache Log4net, Ubuntu Update, Information Exposure. . Severity: Important. LinuxSecurity.com Team
Jan 19, 2021
•Important
Ubuntu
203
security advisoryfixattack vectorMageia: 2020-0233 Moderate: Log4net XML Processing Risk
Updated log4net packages fix security vulnerability This patch fixes a security vulnerabiliy reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could use . MGASA-2020-0233 - Updated log4net packages fix security vulnerability Publication date: 27 May 2020 URL: https://advisories.mageia.org/MGASA-2020-0233.html Type: security Affected Mageia releases: 7 CVE: CVE-2018-1285 Updated log4net packages fix security vulnerability This patch fixes a security vulnerabiliy reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could use this as an attack vector if he could modify the XML configuration file. References: - https://bugs.mageia.org/show_bug.cgi?id=26608 - https://lists.debian.org/debian-lts-announce/2020/05/msg00014.html - https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7 - https://www.cve.org/CVERecord?id=CVE-2018-1285 SRPMS: - 7/core/log4net-2.0.8-2.1.mga7 . Recent updates to log4net packages resolve an XML security flaw within the Mageia operating system. Key information regarding the critical security patch has been provided.. log4net Update, Mageia Security Advisory, XML Configuration Security, Security Patch, Attack Vector Fix. . LinuxSecurity.com Team
May 27, 2020
Mageia
89
security advisorymoderateFedoraFedora 30: 2020-cfc319e067 Moderate: log4net XXE Security Threat
Security fix for CVE-2018-1285. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-cfc319e067 2020-05-24 04:02:43.703497 --------------------------------------------------------------------------------Name : log4net Product : Fedora 30 Version : 2.0.8 Release : 10.fc30 URL : https://logging.apache.org/log4net/ Summary : A .NET framework for logging Description : log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime --------------------------------------------------------------------------------Update Information: Security fix for CVE-2018-1285 --------------------------------------------------------------------------------ChangeLog: * Fri May 15 2020 Timotheus Pokorra - 2.0.8-10 - apply security fix for xml configurator: [CVE-2018-1285] XXE vulnerability in Apache log4net * Wed Jan 29 2020 Fedora Release Engineering - 2.0.8-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Wed Aug 21 2019 Timotheus Pokorra - 2.0.8-8 - Rebuilt with new mono package so that the Provides is fixed again - don't require nant for building * Thu Jul 25 2019 Fedora Release Engineering - 2.0.8-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1835982 - CVE-2018-1285 log4net: XXE in applications that accept arbitrary configuration files from users https://bugzilla.redhat.com/show_bug.cgi?id=1835982 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-cfc319e067' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 24, 2020
•Important
Fedora
89
security advisoryfedoracriticalFedora 32 FEDORA-2020-73d380e9b9 Critical: log4net XXE Issue
Security fix for CVE-2018-1285. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-73d380e9b9 2020-05-24 03:27:16.087207 --------------------------------------------------------------------------------Name : log4net Product : Fedora 32 Version : 2.0.8 Release : 10.fc32 URL : https://logging.apache.org/log4net/ Summary : A .NET framework for logging Description : log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime --------------------------------------------------------------------------------Update Information: Security fix for CVE-2018-1285 --------------------------------------------------------------------------------ChangeLog: * Fri May 15 2020 Timotheus Pokorra - 2.0.8-10 - apply security fix for xml configurator: [CVE-2018-1285] XXE vulnerability in Apache log4net --------------------------------------------------------------------------------References: [ 1 ] Bug #1835982 - CVE-2018-1285 log4net: XXE in applications that accept arbitrary configuration files from users https://bugzilla.redhat.com/show_bug.cgi?id=1835982 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-73d380e9b9' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 23, 2020
•Critical
Fedora
89
security advisoryupdatecriticalFedora 31 FEDORA-2020-847775bf79 Critical: Log4net XML Configurator Issue
Security fix for CVE-2018-1285. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-847775bf79 2020-05-24 03:15:52.103187 --------------------------------------------------------------------------------Name : log4net Product : Fedora 31 Version : 2.0.8 Release : 10.fc31 URL : https://logging.apache.org/log4net/ Summary : A .NET framework for logging Description : log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime --------------------------------------------------------------------------------Update Information: Security fix for CVE-2018-1285 --------------------------------------------------------------------------------ChangeLog: * Fri May 15 2020 Timotheus Pokorra - 2.0.8-10 - apply security fix for xml configurator: [CVE-2018-1285] XXE vulnerability in Apache log4net * Wed Jan 29 2020 Fedora Release Engineering - 2.0.8-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1835982 - CVE-2018-1285 log4net: XXE in applications that accept arbitrary configuration files from users https://bugzilla.redhat.com/show_bug.cgi?id=1835982 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-847775bf79' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 23, 2020
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!