Packages
- apache-log4j2 - Apache Log4j - Logging Framework for Java
Details
It was discovered that Apache Log4j 2 was vulnerable to remote code
execution (RCE) attack when configured to use a JDBC Appender with a
JNDI LDAP data source URI. A remote attacker could possibly use this issue to
cause a crash, leading to a denial of service. (CVE-2021-44832)
Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not
protect against infinite recursion in lookup evaluation. A remote attacker
could possibly use this issue to cause Apache Log4j 2 to crash, leading to
a denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2021-45105)
It was discovered that Apache Log4j 2 was vulnerable to remote code
execution (RCE) attack when configured to use a JDBC Appender with a
JNDI LDAP data source URI. A remote attacker could possibly use this issue to
cause a crash, leading to a denial of service. (CVE-2021-44832)
Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not
protect against infinite recursion in lookup evaluation. A remote attacker
could possibly use this issue to cause Apache Log4j 2 to crash, leading to
a denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2021-45105)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 21.10 impish | liblog4j2-java – 2.17.1-0.21.10.1 | ||
| 21.04 hirsute | liblog4j2-java – 2.17.1-0.21.04.1 | ||
| 20.04 focal | liblog4j2-java – 2.17.1-0.20.04.1 | ||
| 18.04 bionic | liblog4j2-java – 2.12.4-0ubuntu0.1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.