First published: Tue Sep 15 2020(Updated: )
It was discovered that Apache Log4j does not properly deserialize untrusted data. An attacker could possibly use this issue to remotely execute arbitrary code. (CVE-2019-17571)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/liblog4j1.2-java | <1.2.17-8+deb10u1build0.18.04.1 | 1.2.17-8+deb10u1build0.18.04.1 |
=18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Apache Log4j vulnerability is CVE-2019-17571.
The severity of the CVE-2019-17571 vulnerability has not been provided.
The Apache Log4j vulnerability allows an attacker to remotely execute arbitrary code by exploiting a deserialization flaw.
The version affected by this vulnerability is 1.2.17-8+deb10u1build0.18.04.1.
To fix the Apache Log4j vulnerability in Ubuntu 18.04, update the liblog4j1.2-java package to version 1.2.17-8+deb10u1build0.18.04.1 or later.