CVE-2021-44228 and "Apache Log4j 2"
Some of us run Apache on our Slackware servers. For several days CVE-2021-44228 has been in the news, saying it "[...] is a remote code execution vulnerability in Apache Log4j 2."
Apache ships with Slackware, however I think "Log4j" does not. As far as I can tell this vulnerability does not directly apply to Slackware, however I think those of us which run Apache may wish to be leery of "Log4j". |
If I understand it, Log4j is a java library - but supposedly if you are running java - it affects versions 7 or 8 but newer versions does not seem to be affected(?).
|
It's only for https://logging.apache.org/log4j/2.x/
with version <= 2.15.0-rc1 https://nvd.nist.gov/vuln/detail/CVE-2021-44228 |
All times are GMT -5. The time now is 06:36 PM. |