SUSE-SU-2022:0212-1 -- SLES log4jID: oval:org.secpod.oval:def:89045977 | Date: (C)2022-02-17 (M)2023-12-26 |
Class: PATCH | Family: unix |
This update for log4j fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |