SUSE-SU-2022:0226-1 -- SLES log4j12ID: oval:org.secpod.oval:def:89045981 | Date: (C)2022-02-17 (M)2023-12-26 |
Class: PATCH | Family: unix |
This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java
Platform: |
SUSE Linux Enterprise Server 15 SP2 |