log4j-1.2.17-16.0.1.el7.AXS7
エラータID: AXSA:2017-2271:01
Release date:
Wednesday, September 20, 2017 - 10:05
Subject:
log4j-1.2.17-16.0.1.el7.AXS7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
Log4j is a tool to help the programmer output log statements to a
variety of output targets.
CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or
UDP socket server to receive serialized log events from another
application, a specially crafted binary payload can be sent that, when
deserialized, can execute arbitrary code.
Solution:
Update packages.
CVEs:
CVE-2017-5645
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Additional Info:
N/A
Download:
SRPMS
- log4j-1.2.17-16.0.1.el7.AXS7.src.rpm
MD5: 4be88e9a696769a88dcaef50839cdae1
SHA-256: 18749b28c4bf2775ffab7391ae72be22c9a590a7e0fbaa324ddf3ea7009a1990
Size: 2.74 MB
Asianux Server 7 for x86_64
- log4j-1.2.17-16.0.1.el7.AXS7.noarch.rpm
MD5: 45504bdedcd02dece5deaeb535664dd4
SHA-256: 2c50cb163238b160af486c02e446bb2e2691959c8424fab43bc50a8d2620be32
Size: 443.20 kB