Re: log4j cve

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Tue, 2021-12-14 at 14:31 +0100, Steve Meier wrote:
> Hello Steve,
> 
> Am 2021-12-14 14:14, schrieb Steve Clark:
> >  This is the standard version that comes with CentOS 7 and is the
> > latest available as of a yum update just now.
> > log4j-1.2.17-16.el7_4.noarch
> 
> yes, that's correct, but it is abandoned nonetheless.
> 
> According to the RPM's change log, Red Hat backported a fix for 
> CVE-2017-5645.
> They have not done this for CVE-2019-17571 it seems.
> I would be very surprised if they'd do so now.


https://access.redhat.com/node/4677071According to that link CVE-2019-17571 is the same issue as CVE-2017-
5645 and both are listed as fixed in this errata:
https://access.redhat.com/errata/RHSA-2017:2423

So I think it's fixed.
Best regards, markus

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux