SUSE-SU-2022:0214-1 -- SLES log4j| ID: oval:org.secpod.oval:def:89045990 | Date: (C)2022-02-17 (M)2023-12-26 |
| Class: PATCH | Family: unix |
This update for log4j fixes the following issues: - CVE-2022-23307: Fixed deserialization flaw in the chainsaw component of log4j leading to malicious code execution. - CVE-2022-23305: Fixed SQL injection when application is configured to use JDBCAppender. - CVE-2022-23302: Fixed remote code execution when application is configured to use JMSSink
| Platform: |
| SUSE Linux Enterprise Server 15 |
| SUSE Linux Enterprise Server 15 SP1 |
