> Hello Steve, > > Am 2021-12-14 14:14, schrieb Steve Clark: >> This is the standard version that comes with CentOS 7 and is the >> latest available as of a yum update just now. >> log4j-1.2.17-16.el7_4.noarch > > yes, that's correct, but it is abandoned nonetheless. > > According to the RPM's change log, Red Hat backported a fix for > CVE-2017-5645. > They have not done this for CVE-2019-17571 it seems. > I would be very surprised if they'd do so now. It seems CVE-2019-17571 is also covered by the fix for CVE-2017-5645: https://access.redhat.com/node/4677071 Regards, Simon _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
Re: log4j cve
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: log4j cve
- From: "Simon Matter" <simon.matter@xxxxxxxxx>
- Date: Tue, 14 Dec 2021 16:20:23 +0100
- Importance: Normal
- In-reply-to: <4a741835aae6b87324d8f20890e7de68@steve-meier.de>
- References: <cbd0f005-344c-8a91-b1ca-47772610be3d@netwolves.com> <17c995355588c1dfe86e78ca43d56dc4@steve-meier.de> <82160ffa-a277-1495-b5c1-e967c3d68377@netwolves.com> <4a741835aae6b87324d8f20890e7de68@steve-meier.de>
- User-agent: SquirrelMail/1.4.22
- References:
- log4j cve
- From: Steve Clark via CentOS
- Re: log4j cve
- From: Steve Meier
- Re: log4j cve
- From: Steve Clark via CentOS
- Re: log4j cve
- From: Steve Meier
- log4j cve
- Prev by Date: Re: log4j cve
- Next by Date: Re: log4j cve
- Previous by thread: Re: log4j cve
- Next by thread: Re: log4j cve
- Index(es):
 |