slf4j-1.7.4-4.el7

Errata ID: AXSA:2018-2646:01

Release date: Tuesday, April 3, 2018 - 09:45
Subject: slf4j-1.7.4-4.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

The Simple Logging Facade for Java (SLF4J) is a simple facade for various
logging APIs allowing the end-user to plug in the desired implementation at
deployment time. SLF4J also allows for a gradual migration path away from
Jakarta Commons Logging (JCL).

Security Fix(es):

* slf4j: Deserialisation vulnerability in EventData constructor can allow for
arbitrary code execution (CVE-2018-8088)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.

Asianux would like to thank Chris McCown for reporting this issue.

CVE-2018-8088
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before
1.8.0-beta2 allows remote attackers to bypass intended access restrictions via
crafted data.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. slf4j-1.7.4-4.el7.src.rpm
    MD5: f32e42defcc3f84d42e77f9125464421
    SHA-256: 5c0863aaf637ebce301f83ef61039aa4c741df9b47d5961e8f4b1cbbe68b45fb
    Size: 2.74 MB

Asianux Server 7 for x86_64
  1. slf4j-1.7.4-4.el7.noarch.rpm
    MD5: 62b0964bf9270d30c501eaf294647b29
    SHA-256: 95a75195ed005e2760082c6855c602bfbfda4721cdbee22fbe643d17165de2e7
    Size: 169.57 kB