Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
patchinfo.22234
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.22234
<patchinfo incident="22234"> <issue tracker="bnc" id="1193795">VUL-0: CVE-2021-42550: logback: remote code execution through JNDI call from within its configuration file</issue> <issue tracker="cve" id="2021-44228"/> <packager>fstrba</packager> <rating>important</rating> <category>security</category> <summary>Security update for logback</summary> <description>This update for logback fixes the following issues: Upgrade to version 1.2.8 + In response to log4Shell/CVE-2021-44228, all JNDI lookup code in logback has been disabled until further notice. This impacts ContextJNDISelector and insertFromJNDI element in configuration files. + Also in response to log4Shell/CVE-2021-44228, all database (JDBC) related code in the project has been removed with no replacement. + Note that the vulnerability mentioned in LOGBACK-1591 requires write access to logback's configuration file as a prerequisite. The log4Shell/CVE-2021-44228 and LOGBACK-1591 are of different severity levels. A successful RCE requires all of the following conditions to be met: - write access to logback.xml - use of versions lower then 1.2.8 - reloading of poisoned configuration data, which implies application restart or scan="true" set prior to attack </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor