LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
Reload this Page CVE-2021-44228 and "Apache Log4j 2"
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 12-13-2021, 10:30 AM   #1
baumei
Member
 
Registered: Feb 2019
Location: USA; North Carolina
Distribution: Slackware 15.0 (replacing 14.2)
Posts: 365

Rep: Reputation: 124Reputation: 124
CVE-2021-44228 and "Apache Log4j 2"

Some of us run Apache on our Slackware servers. For several days CVE-2021-44228 has been in the news, saying it "[...] is a remote code execution vulnerability in Apache Log4j 2."

Apache ships with Slackware, however I think "Log4j" does not.

As far as I can tell this vulnerability does not directly apply to Slackware, however I think those of us which run Apache may wish to be leery of "Log4j".
Last edited by baumei; 12-13-2021 at 10:35 AM.
 
Old 12-13-2021, 10:33 AM   #2
Jeebizz
Senior Member
Contributing Member
 
Registered: May 2004
Distribution: Slackware15.0 64-Bit Desktop, Debian 11 non-free Toshiba Satellite Notebook
Posts: 4,186

Rep: Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379
If I understand it, Log4j is a java library - but supposedly if you are running java - it affects versions 7 or 8 but newer versions does not seem to be affected(?).
 
Old 12-13-2021, 10:38 AM   #3
marav
LQ Sage
 
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,366

Rep: Reputation: 4081Reputation: 4081Reputation: 4081Reputation: 4081Reputation: 4081Reputation: 4081Reputation: 4081Reputation: 4081Reputation: 4081Reputation: 4081Reputation: 4081
It's only for https://logging.apache.org/log4j/2.x/
with version <= 2.15.0-rc1

https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Last edited by marav; 12-13-2021 at 10:39 AM.
 
3 members found this post helpful.
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Meltdown/Spectre CVE-2017-5754, CVE-2017-5753, CVE-2017-5715 cynwulf LQ Suggestions & Feedback 1 01-05-2018 09:42 AM
[SOLVED] log4j:WARN Please initialize the log4j system properly. jsaravana87 Linux - Server 1 10-03-2011 11:31 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 10:42 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration