Sicherheit: Ausführen beliebiger Kommandos in slf4j
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in slf4j
ID: FEDORA-2018-8b0ad602be
Distribution: Fedora
Plattformen: Fedora 28
Datum: Fr, 30. März 2018, 21:02
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8088
Applikationen: slf4j


Fedora Update Notification
2018-03-30 12:38:03.475495

Name : slf4j
Product : Fedora 28
Version : 1.7.25
Release : 4.fc28
URL : http://www.slf4j.org/
Summary : Simple Logging Facade for Java
Description :
The Simple Logging Facade for Java or (SLF4J) is intended to serve
as a simple facade for various logging APIs allowing to the end-user
to plug in the desired implementation at deployment time. SLF4J also
allows for a gradual migration path away from
Jakarta Commons Logging (JCL).

Logging API implementations can either choose to implement the
SLF4J interfaces directly, e.g. NLOG4J or SimpleLogger. Alternatively,
it is possible (and rather easy) to write SLF4J adapters for the given
API implementation, e.g. Log4jLoggerAdapter or JDK14LoggerAdapter..

Update Information:

Security fix for CVE-2018-8088

[ 1 ] Bug #1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in
EventData constructor can allow for arbitrary code execution

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade slf4j' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten