Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in slf4j
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in slf4j
ID: FEDORA-2018-a46b358764
Distribution: Fedora
Plattformen: Fedora 26
Datum: Do, 29. März 2018, 23:03
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8088
Applikationen: slf4j

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-a46b358764
2018-03-29 15:52:12.354170
-------------------------------------------------------------------------------
-

Name : slf4j
Product : Fedora 26
Version : 1.7.22
Release : 5.fc26
URL : http://www.slf4j.org/
Summary : Simple Logging Facade for Java
Description :
The Simple Logging Facade for Java or (SLF4J) is intended to serve
as a simple facade for various logging APIs allowing to the end-user
to plug in the desired implementation at deployment time. SLF4J also
allows for a gradual migration path away from
Jakarta Commons Logging (JCL).

Logging API implementations can either choose to implement the
SLF4J interfaces directly, e.g. NLOG4J or SimpleLogger. Alternatively,
it is possible (and rather easy) to write SLF4J adapters for the given
API implementation, e.g. Log4jLoggerAdapter or JDK14LoggerAdapter..

-------------------------------------------------------------------------------
-
Update Information:

Security fix for CVE-2018-8088
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in
EventData constructor can allow for arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1548909
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade slf4j' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung