On Sat, Dec 18, 2021 at 3:50 PM Christian Ehrhardt < christian.ehrha...@canonical.com> wrote:
> > On Tue, Dec 14, 2021 at 10:17 PM integer GmbH <supp...@integer-it.de> > wrote: > >> Hello Ubuntu-Team, >> can you please tell me if the follwoing software is affected by the Log4J >> exploit? >> > > *disclaimer: I'm not from the security team and this is not a definitive > or formal answer* > > In general for CVEs you'd want to check the https://ubuntu.com/security > entry for it. > It will mention its status, affected packages and link to further > ressources one should know about. > In this case the links to USN and the wiki page are very helpful as well. > > In this case that is at: https://ubuntu.com/security/CVE-2021-44228 > Related, it looks like CVE-2021-45046 against log4j2 v2.15 applies as well. It can result in a Remote Code Execution (RCE) under certain circumstances. Also see https://www.openwall.com/lists/oss-security/2021/12/18/1. Jeff
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
