On Mon, Dec 13, 2021 at 2:46 PM Derek Atkins <[email protected]> wrote:
> > On Mon, December 13, 2021 8:04 am, Gianluca Cecchi wrote: > >> > > If I understood correctly reading here: > > > https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache-log4j2-zero-day-exploited-in-the-wild-log4shell > > > > you are protected by the RCE if java is 1.8 and greater than 1.8.121 > > (released on 2017) > > Do you mean 1.8.0.121? For example, my system has: > > java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64 > If you are still on oVirt 4.3, which is using OpenJDK 1.8, then you should have installed java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64. If you are on oVirt 4.4, which is using OpenJDK 11, then you should have installed java-11-openjdk-headless-11.0.13.0.8-3.el8_5.x86_64 > -derek > > -- > Derek Atkins 617-623-3745 > [email protected] www.ihtfp.com > Computer and Internet Security Consultant > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/[email protected]/message/32PPOVQZRSIMCQMPVKZAKRZITIGGZ774/ > -- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o.
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/NRHOYBOOEQV2GKHS5WZ4ZQNAFCZZQQKT/
