[integer-Ticket #81335] Log4J Sicherheitslücke

2021-12-14 Thread integer GmbH 
Hello Ubuntu-Team,
can you please tell me if the follwoing software is affected by the Log4J 
exploit?

python3.8
python3.8-minimal
python3-appdirs
python3-apt
python3-certifi
python3-chardet
python3-crypto
python3-dbus
python3-distlib
python3-distro
python3-distro-info
python3-distupgrade
python3-distutils
python3-dnspython
python3-filelock
python3-gi
python3-gpg
python3-idna
python3-importlib-metadata
python3-ldb
python3-lib2to3
python3-markdown
python3-minimal
python3-more-itertools
python3-netifaces
python3-packaging
python3-pkg-resources
python3-pygments
python3-pyparsing
python3-requests
python3-samba
python3-six
python3-talloc
python3-tdb
python3-update-manager
python3-urllib3
python3-virtualenv
python3-yaml
python3-zipp
python3.6-minimal
readline-common
rename
resolvconf
rsync
rsyslog
samba
samba-common
samba-common-bin
samba-dsdb-modules
samba-libs
samba-vfs-modules
sed
sensible-utils
shared-mime-info
socat
squid
squid-common
squid-langpack
ssl-cert
sudo
systemd
systemd-sysv
systemd-timesyncd
sysvinit-utils
tar
tcpd
tdb-tools
thermald
tzdata
ubuntu-advantage-tools
ubuntu-minimal
ubuntu-release-upgrader-core
ucf
udev
update-inetd
update-manager-core
usb.ids
usbutils
util-linux
vim-common
vim-tiny
virtualenv
wget
whiptail
winbind
xauth
xdg-user-dirs
xkb-data
xxd
xz-utils
zerofree
zlib1g
tasksel
tasksel-data

Our client Hopfenveredlung St. Johann is using this software and we want to 
make sure they are not affected by the Log4J exploit.

Best Regards
Jonas Böck


_ ​_ _

integer GmbH Support



Telefon 08252 - 96031 - 10


|



E-Mail: supp...@integer-it.de




[cid:integer-logo_d141d426-79be-4a61-9be5-61d598823bdd.png]

Hans-Sachs-Weg 25


|



86529



Schrobenhausen



Registergericht: Amtsgericht Ingolstadt
Registernummer: HRB 7821
Geschäftsführer: Luise Krammer

Allgemeine Datenschutzhinweise:
https://integer-it.de/ds.html

Folgen Sie uns auf: [cid:Facebook_a4f854d7-d64b-473d-85ef-8f08ae4ac7ff.png] 
  
[cid:Instagram_d8301ab7-baaa-48d5-948b-c30dca673e0e.png] 

F



[cid:heyalter_23c470d3-5806-4549-9ab0-eccd9ccc9fe1.png]
_ _ _





-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: log4j rce patch

2021-12-14 Thread Jeffrey Walton 
On Tue, Dec 14, 2021 at 6:32 AM Alex Murray  wrote:
> ...
> >
> > Also see https://www.randori.com/blog/cve-2021-44228/
>
> Please see https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell for 
> more details but updates are now available, however the USN is still pending 
> publication.

Thanks Alex. Let me review the wiki page.

I see Ubuntu sent out a notice today.
https://ubuntu.com/security/notices/USN-5192-1.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Add a ca root to ca-certificates in WSL environment?

2021-12-14 Thread Jeffrey Walton 
On Tue, Dec 14, 2021 at 9:17 AM Michael Loftis  wrote:
>
> No special magic for the WSL Ubuntu install.  You just apt-get install
> ca-certificates on the WSL Ubuntu environment command line, drop the
> pem certificate(s) in file(s) in /etc/ssl/certs, run
> update-ca-certificates (as root, use sudo) and you're done.   Just
> make sure the pem's are globally readable. The new certificate(s) will
> be included in /etc/ssl/certs/ca-certificates.crt and all system
> packages use that as their trusted root certs, pretty sure it'll also
> add the hash symlinks too.  That decade (and a bit) old IR is long,
> long, long closed.  This will NOT affect any Windows based stuff.

Ack, thanks.

> If you need to have it packaged then you'll have to do your own
> package, with a post-install hook.  You shouldn't be
> replacing/overriding the ca-certificates package.

Thanks.

Jeff

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: Add a ca root to ca-certificates in WSL environment?

2021-12-14 Thread Michael Loftis 
No special magic for the WSL Ubuntu install.  You just apt-get install
ca-certificates on the WSL Ubuntu environment command line, drop the
pem certificate(s) in file(s) in /etc/ssl/certs, run
update-ca-certificates (as root, use sudo) and you're done.   Just
make sure the pem's are globally readable. The new certificate(s) will
be included in /etc/ssl/certs/ca-certificates.crt and all system
packages use that as their trusted root certs, pretty sure it'll also
add the hash symlinks too.  That decade (and a bit) old IR is long,
long, long closed.  This will NOT affect any Windows based stuff.

If you need to have it packaged then you'll have to do your own
package, with a post-install hook.  You shouldn't be
replacing/overriding the ca-certificates package.

On Mon, Dec 13, 2021 at 6:36 PM Jeffrey Walton  wrote:
>
> Hi Everyone,
>
> I'm working on a Windows machine with Windows Subsystem Linux (WSL).
> The machine hosts Ubuntu 20.04. We are having some TLS problems due to
> an interception proxy. I need to add a CA root to the ca-certificates
> package or store.
>
> I checked the Ubuntu wiki and found one article on ca-certificates at
> https://wiki.ubuntu.com/IncidentReports/2011-09-20-ca-certificates-removes-libnss3.
>
> I'm Ok with dropping the root CA in the filesystem and running
> c_rehash, if needed. I'm happy to use the method if that is
> recommended.
>
> My question is, how would I go about adding a root CA to the machine's
> trusted root store?
>
> Thanks in advance.
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss



-- 

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Re: log4j rce patch

2021-12-14 Thread Alex Murray 
Hi Jeff

On Fri, 2021-12-10 at 15:53:51 -0500, Jeffrey Walton wrote:

> Hi Everyone,
>
> Has Ubuntu pushed a patch for the log4j rce that was dropped earlier today?
>
> At work, we think we are seeing activity due to zero day. But I am not
> sure the servers are fully patched at the moment.
>
> Also see https://www.randori.com/blog/cve-2021-44228/

Please see https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Log4Shell for 
more details but updates are now available, however the USN is still pending 
publication.

>
> Jeff

Thanks,
Alex


-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss