- Vulnerability/
- USN-4495-1
USN-4495-1: Apache Log4j vulnerability
First published: Tue Sep 15 2020(Updated: )
It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code. (CVE-2019-17571)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/liblog4j1.2-java | <1.2.17-8+deb10u1build0.18.04.1 | 1.2.17-8+deb10u1build0.18.04.1 |
| =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Apache Log4j vulnerability?
The vulnerability ID for this Apache Log4j vulnerability is CVE-2019-17571.
What is the severity of the CVE-2019-17571 vulnerability?
The severity of the CVE-2019-17571 vulnerability has not been provided.
How does the Apache Log4j vulnerability work?
The Apache Log4j vulnerability allows an attacker to remotely execute arbitrary code by exploiting a deserialization flaw.
Which versions of liblog4j1.2-java are affected by this vulnerability?
The version affected by this vulnerability is 1.2.17-8+deb10u1build0.18.04.1.
How can I fix the Apache Log4j vulnerability in Ubuntu 18.04?
To fix the Apache Log4j vulnerability in Ubuntu 18.04, update the liblog4j1.2-java package to version 1.2.17-8+deb10u1build0.18.04.1 or later.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-5998-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.04