drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in slf4j
Name: |
Ausführen beliebiger Kommandos in slf4j |
|
ID: |
FEDORA-2018-a4353f97db |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 27 |
|
Datum: |
Do, 29. März 2018, 23:09 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8088 |
|
Applikationen: |
Simple Logging Facade for Java |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2018-a4353f97db 2018-03-29 16:19:28.320604 ------------------------------------------------------------------------------- -
Name : slf4j Product : Fedora 27 Version : 1.7.25 Release : 4.fc27 URL : http://www.slf4j.org/ Summary : Simple Logging Facade for Java Description : The Simple Logging Facade for Java or (SLF4J) is intended to serve as a simple facade for various logging APIs allowing to the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).
Logging API implementations can either choose to implement the SLF4J interfaces directly, e.g. NLOG4J or SimpleLogger. Alternatively, it is possible (and rather easy) to write SLF4J adapters for the given API implementation, e.g. Log4jLoggerAdapter or JDK14LoggerAdapter..
------------------------------------------------------------------------------- - Update Information:
Security fix for CVE-2018-8088 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1548909 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade slf4j' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
|
|
|
|