[SECURITY] [DLA 2065-1] apache-log4j1.2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2065-1] apache-log4j1.2 security update
From: Markus Koschany <apo@debian.org>
Date: Sun, 12 Jan 2020 23:27:19 +0100
Message-id: <[🔎] 51cbaf55-d919-2b9b-6628-d3c70b387ca1@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : apache-log4j1.2
Version        : 1.2.17-5+deb8u1
CVE ID         : CVE-2019-17571
Debian Bug     : 947124

Included in Log4j 1.2, a logging library for Java, is a SocketServer
class that is vulnerable to deserialization of untrusted data which can
be exploited to remotely execute arbitrary code when combined with a
deserialization gadget when listening to untrusted network traffic for
log data.

For Debian 8 "Jessie", this problem has been fixed in version
1.2.17-5+deb8u1.

We recommend that you upgrade your apache-log4j1.2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4bnUZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQj9A//fj+646kgFmutWbGcU9MXIeSJnthH3rjSpDcAHOX0v+TseuUGqNqNgW4N
3qTXS1D9kEscy1wxwkv1R/5nwKK5EEYodsZ2+yuWTg6NenYX8N5bMJHZBTfWcHHI
kw/j51SQZSn9/9kzc3jMVOMH49swen4Ke8MMlKuSd7Dymw+Y/u+Pdv+dl0G8lsIm
y3oNeQSaKUx/Ctz/buG6ov1oKGas5+fTlekC9v+zdtEKNDFar0rnkumLDCzeVzYW
6DOFKyx5G463w05YvWVJJuelUuRO1QcsQUF2y5Y8ujUcz02da1V3tH2hDqIM0IJS
dJXrzGsperSeAAPUr5uu93vw7PDlzDlnCbfN7NGGY/AH0XoO27fxuORbtkMI7xmM
cG7nqGI4AJuR/8svbQfYtvrYSCfpctLvO6gB5kCOpB042bujYdPK2Iqgm6jD9vjT
4EOATCZGw4nyNohTWNTJAZpESP2IsBw7yIVZlXs/1CRbRjAia9IqRVj7skRnYg5V
C9zvRIZ6xnyPwbLBbjkWyTlFCL9Y6/roKpG1lOQkpyEZzC2lUjGq499Gpj2Uh34p
WHppDDCBE71lETSAtdK5+AnboDmoPzPr8flskmdAdChccfhdrB/lHzLFzOI6AtV2
bAqncXYWvuDba6hURO0Cw+YybU1T3/ND29n0UqX1gOIDvXFayQI=
=Fs7B
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2064-1] ldm security update
Next by Date: [SECURITY] DLA-2066-1 gthumb security update
Previous by thread: [SECURITY] [DLA 2064-1] ldm security update
Next by thread: [SECURITY] DLA-2066-1 gthumb security update
Index(es):
- Date
- Thread