UbuntuUpdates.org

Package "liblog4j2-java-doc"

Name: liblog4j2-java-doc

Description:

Documentation for Apache Log4j 2

Latest version: 2.12.4-0ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: apache-log4j2
Homepage: http://logging.apache.org/log4j/2.x/

Links


Download "liblog4j2-java-doc"


Other versions of "liblog4j2-java-doc" in Bionic

Repository Area Version
base universe 2.10.0-2
updates universe 2.12.4-0ubuntu0.1

Changelog

Version: 2.12.4-0ubuntu0.1 2022-01-11 21:06:20 UTC

  apache-log4j2 (2.12.4-0ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Remote code execution
    - Updated to new upstream version 2.12.4.
    - CVE-2021-44832
    - CVE-2021-45105

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 11 Jan 2022 17:40:59 +0000

Source diff to previous version
CVE-2021-44832 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) at
CVE-2021-45105 Certain strings can cause infinite recursion

Version: 2.10.0-2ubuntu0.1 2021-12-14 03:06:22 UTC

  apache-log4j2 (2.10.0-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2021-44228.patch: Remove JndiLookup class.
    - CVE-2021-44228

 -- Paulo Flabiano Smorigo <email address hidden> Fri, 10 Dec 2021 17:24:48 +0000

CVE-2021-44228 Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JN



About   -   Send Feedback to @ubuntu_updates