SUSE-SU-2020:0053-1

Details

This update for log4j fixes the following issues:

CVE-2019-17571: Fixed a remote code execution by deserialization of untrusted data in SocketServer (bsc#1159646).

Affected Packages

log4j

SUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Module for Basesystem 15 SP1SUSE Linux Enterprise Module for Development Tools 15SUSE Linux Enterprise Module for Development Tools 15 SP1

Fixed in:

1.2.17-5.3.1

log4j-manual

SUSE Linux Enterprise Module for Development Tools 15SUSE Linux Enterprise Module for Development Tools 15 SP1

Fixed in:

1.2.17-5.3.1

References

REPORT

https://bugzilla.suse.com/1159646

WEB

https://www.suse.com/security/cve/CVE-2019-17571

ADVISORY

https://www.suse.com/support/update/announcement/2020/suse-su-20200053-1/