SUSE-SU-2022:0212-1 -- SLES log4j| ID: oval:org.secpod.oval:def:89045977 | Date: (C)2022-02-17 (M)2023-12-26 |
| Class: PATCH | Family: unix |
This update for log4j fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java
| Platform: |
| SUSE Linux Enterprise Server 12 SP3 |
| SUSE Linux Enterprise Server 12 SP2 |
| SUSE Linux Enterprise Server 12 SP5 |
| SUSE Linux Enterprise Server 12 SP4 |
