Re: log4j cve

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




Zitat von Steve Meier <email@xxxxxxxxxxxxxx>:

Hello Steve,

Am 2021-12-14 14:14, schrieb Steve Clark:
This is the standard version that comes with CentOS 7 and is the
latest available as of a yum update just now.
log4j-1.2.17-16.el7_4.noarch

yes, that's correct, but it is abandoned nonetheless.

According to the RPM's change log, Red Hat backported a fix for CVE-2017-5645.
They have not done this for CVE-2019-17571 it seems.
I would be very surprised if they'd do so now.

Kind regards,
  Steve
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



Tools

alle Links ohne Prüfung auf Inhalt und Qualität

https://log4shell.huntress.com/  (Quelle Sven Kuhnert)

https://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/





Anwendung
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-12 2129 UTC · GitHub



https://logging.apache.org/log4j/2.x/security.html


Presse
https://www.heise.de/news/Log4j-2-16-0-verbessert-Schutz-vor-Log4Shell-Luecke-6294053.html

https://www.golem.de/news/log4j-luecke-warum-log4shell-so-gefaehrlich-ist-und-was-nicht-hilft-2112-161757-4.html

Hinweis: In den Kommentaren zu den Artikeln finden sich Einschätzungen und Hinweise neuste Artikel oben

https://www.heise.de/ratgeber/Schutz-vor-schwerwiegender-Log4j-Luecke-was-jetzt-hilft-und-was-nicht-6292961.html

https://www.golem.de/news/log4shell-bsi-vergibt-hoechste-warnstufe-fuer-log4j-luecke-2112-161734.html

https://www.spiegel.de/netzwelt/web/log4j-luecke-bundesbehoerden-von-schwerer-it-schwachstelle-betroffen-a-6cb889d2-ba8d-48f8-a27a-f923bf11b563

https://www.spiegel.de/netzwelt/web/log4-j-schwachstelle-ja-leute-die-scheisse-brennt-lichterloh-a-760bd03d-42d2-409c-a8d2-d5b13a9150fd

https://www.spiegel.de/netzwelt/web/bundesbehoerde-warnt-vor-schwachstelle-in-weit-verbreiteter-software-a-55bc413b-2e01-446c-8ee6-5fabfee3b0f2

fachliche Quellen
https://www.heise.de/news/Kritische-Zero-Day-Luecke-in-log4j-gefaehrdet-zahlreiche-Server-und-Apps-6291653.html

https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2021/12/warnmeldung_cb-k21-1264.html?nn=520170

https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3

Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation | CISA

Java-Schwachstelle Log4Shell – Was passiert ist und was zu tun ist – Sophos News

Log4Shell explained – how it works, why you need to know, and how to fix it – Naked Security (sophos.com)


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux