drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in slf4j
| Name: |
Ausführen beliebiger Kommandos in slf4j |
|
| ID: |
FEDORA-2018-a4353f97db |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 27 |
|
| Datum: |
Do, 29. März 2018, 23:09 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8088 |
|
| Applikationen: |
Simple Logging Facade for Java |
|
Originalnachricht |
-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-a4353f97db
2018-03-29 16:19:28.320604
-------------------------------------------------------------------------------
-
Name : slf4j
Product : Fedora 27
Version : 1.7.25
Release : 4.fc27
URL : http://www.slf4j.org/
Summary : Simple Logging Facade for Java
Description :
The Simple Logging Facade for Java or (SLF4J) is intended to serve
as a simple facade for various logging APIs allowing to the end-user
to plug in the desired implementation at deployment time. SLF4J also
allows for a gradual migration path away from
Jakarta Commons Logging (JCL).
Logging API implementations can either choose to implement the
SLF4J interfaces directly, e.g. NLOG4J or SimpleLogger. Alternatively,
it is possible (and rather easy) to write SLF4J adapters for the given
API implementation, e.g. Log4jLoggerAdapter or JDK14LoggerAdapter..
-------------------------------------------------------------------------------
-
Update Information:
Security fix for CVE-2018-8088
-------------------------------------------------------------------------------
-
References:
[ 1 ] Bug #1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in
EventData constructor can allow for arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1548909
-------------------------------------------------------------------------------
-
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade slf4j' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|
