Package        : apache-log4j1.2
Version        : 1.2.17-5+deb8u1
CVE ID         : CVE-2019-17571
Debian Bug     : 947124

Log4j 1.2, a logging library for Java, includes a SocketServer class that
is vulnerable to deserialization of untrusted data. When the class listens
for log data on untrusted network traffic, this can be exploited, in
combination with a deserialization gadget, to remotely execute arbitrary
code.

For Debian 8 "Jessie", this problem has been fixed in version
1.2.17-5+deb8u1.

We recommend that you upgrade your apache-log4j1.2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
