UbuntuUpdates.org

Package "liblog4j2-java"

Name: liblog4j2-java

Description: Apache Log4j - Logging Framework for Java

Latest version: 2.17.1-0.20.04.1
Release: focal (20.04)
Level: security
Repository: universe
Head package: apache-log4j2
Homepage: https://logging.apache.org/log4j/2.x/

Other versions of "liblog4j2-java" in Focal

Repository  Area      Version
base        universe  2.11.2-1
updates     universe  2.17.1-0.20.04.1

Changelog

Version: 2.17.1-0.20.04.1 2022-01-11 21:06:23 UTC

  apache-log4j2 (2.17.1-0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - Updated to new upstream version 2.17.1.
    - CVE-2021-44832

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 11 Jan 2022 18:30:01 +0000

CVE-2021-44832 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) at

Version: 2.17.0-0.20.04.1 2021-12-19 19:07:18 UTC

  apache-log4j2 (2.17.0-0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service via uncontrolled recursion
    - Updated to new upstream version 2.17.0.
    - CVE-2021-45105

 -- Marc Deslauriers <email address hidden> Sun, 19 Dec 2021 07:44:06 -0500

CVE-2021-45105 Certain strings can cause infinite recursion

Version: 2.16.0-0.20.04.1 2021-12-15 19:06:54 UTC

  apache-log4j2 (2.16.0-0.20.04.1) focal-security; urgency=high

  * SECURITY UPDATE: Denial of service
    - Updated to new upstream version 2.16.0.
    - CVE-2021-45046

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 15 Dec 2021 10:52:44 -0300

CVE-2021-45046 It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...

Version: 2.15.0-0.20.04.1 2021-12-14 03:06:26 UTC

  apache-log4j2 (2.15.0-0.20.04.1) focal-security; urgency=high

  * SECURITY UPDATE: Remote Code Execution
    - Updated to new upstream version 2.15.0.
    - debian/liblog4j2-java.poms: Update pom list to the new version.
    - debian/maven.ignoreRules: Add more tests to ignore list.
    - CVE-2021-44228

 -- Paulo Flabiano Smorigo <email address hidden> Mon, 13 Dec 2021 16:44:36 +0000

CVE-2021-44228 Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JN


