LinuxQuestions.org - CVE-2021-44228 and "Apache Log4j 2"

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - CVE-2021-44228 and "Apache Log4j 2" (https://www.linuxquestions.org/questions/slackware-14/cve-2021-44228-and-apache-log4j-2-a-4175704882/)

baumei

12-13-2021 10:30 AM

CVE-2021-44228 and "Apache Log4j 2"

Some of us run Apache on our Slackware servers. For several days CVE-2021-44228 has been in the news, saying it "[...] is a remote code execution vulnerability in Apache Log4j 2."

Apache ships with Slackware, however I think "Log4j" does not.

As far as I can tell this vulnerability does not directly apply to Slackware, however I think those of us which run Apache may wish to be leery of "Log4j".

Jeebizz

12-13-2021 10:33 AM

If I understand it, Log4j is a java library - but supposedly if you are running java - it affects versions 7 or 8 but newer versions does not seem to be affected(?).

marav

12-13-2021 10:38 AM

It's only for https://logging.apache.org/log4j/2.x/
with version <= 2.15.0-rc1

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

All times are GMT -5. The time now is 06:36 PM.