• Re: Apache Log4j vulnerability

    From MeaTLoTioN@21:1/158 to bugz_ubuntu on Wed Dec 15 09:01:47 2021
    Reposting this as it feels relevant.


    On 15 Sep 2020, bugz_ubuntu said the following...

    Apache Log4j vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 18.04 LTS

    Summary

    Apache Log4j could be made to remotely execute arbitrary code if
    it received specially crafted log data.

    Software Description

    * apache-log4j1.2 - Java-based open-source logging tool

    Details

    It was discovered that Apache Log4j does not properly deserialize
    untrusted data. An attacker could possibly use this issue to
    remotely execute arbitrary code. (CVE-2019-17571)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 18.04 LTS
    liblog4j1.2-java - 1.2.17-8+deb10u1build0.18.04.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2019-17571

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N

    |07ÄÄ |08[|10eml|08] |15ml@erb.pw |07ÄÄ |08[|10web|08] |15www.erb.pw |07ÄÄÄ¿ |07ÄÄ |08[|09fsx|08] |1521:1/158 |07ÄÄ |08[|11tqw|08] |151337:1/101 |07ÂÄÄÙ |07ÄÄ |08[|12rtn|08] |1580:774/81 |07ÄÂ |08[|14fdn|08] |152:250/5 |07ÄÄÄÙ
    |07ÄÄ |08[|10ark|08] |1510:104/2 |07ÄÙ

    ... A .GIF is worth a thousand .TXT.

    --- Mystic BBS v1.12 A47 2021/12/13 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (21:1/158)