========================================================================== Ubuntu Security Notice USN-4495-1 September 15, 2020
Apache Log4j vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Apache Log4j could be made to remotely execute arbitrary code if it received specially crafted log data. Software Description: - apache-log4j1.2: Java-based open-source logging tool Details: It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code. (CVE-2019-17571) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: liblog4j1.2-java 1.2.17-8+deb10u1build0.18.04.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4495-1 CVE-2019-17571 Package Information: https://launchpad.net/ubuntu/+source/apache-log4j1.2/1.2.17-8+deb10u1build0.18.04.1
signature.asc
Description: OpenPGP digital signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
