CESA-2022:0442 -- centos 7 log4jID: oval:org.secpod.oval:def:205937 | Date: (C)2022-02-17 (M)2023-12-26 |
Class: PATCH | Family: unix |
Security Fix: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender log4j: Unsafe deserialization flaw in Chainsaw log viewer log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258