Apache Log4j vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 18.04 LTS
Summary
Apache Log4j could be made to remotely execute arbitrary code if
it received specially crafted log data.
Software Description
* apache-log4j1.2 - Java-based open-source logging tool
Details
It was discovered that Apache Log4j does not properly deserialize
untrusted data. An attacker could possibly use this issue to
remotely execute arbitrary code. (CVE-2019-17571)
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 18.04 LTS
liblog4j1.2-java - 1.2.17-8+deb10u1build0.18.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary
changes.
References
* CVE-2019-17571
--- Mystic BBS v1.12 A45 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)
Sysop: | Nelgin |
---|---|
Location: | Plano, TX |
Users: | 509 |
Nodes: | 10 (2 / 8) |
Uptime: | 113:26:02 |
Calls: | 8,194 |
Calls today: | 1 |
Files: | 15,442 |
Messages: | 913,314 |
Posted today: | 8 |