SUSE-SU-2022:0355-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2022:0355-1

UNKNOWN

Security update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, venv-openstack-monasca, zookeeper, zookeeper-kit

Published Feb 9, 2022

Modified 4 years ago

Fix available

Details

This update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, venv-openstack-monasca, zookeeper, zookeeper-kit fixes the following issues:

CVE-2021-4104: Fixed remote code execution through JMS API via the ldap JNDI parser (bsc#1193662).
CVE-2022-23302: Fixed remote code execution in Log4j 1.x when application is configured to use JMSSink (bsc#1194842).
CVE-2022-23305: Fixed SQL injection in Log4j 1.x when application is configured to use JDBCAppender (bsc#1194843).
CVE-2022-23307: Fixed deserialization flaw in the Chainsaw component of Log4j 1 that could lead to malicious code execution (bsc#1194844).

Affected Packages(62 packages)

elasticsearch

SUSE HPE Helion OpenStack 8SUSE OpenStack Cloud 8SUSE OpenStack Cloud Crowbar 8

Fixed in:

2.4.2-5.6.1

kafka

SUSE HPE Helion OpenStack 8SUSE OpenStack Cloud 8SUSE OpenStack Cloud Crowbar 8

Fixed in:

0.10.2.2-5.12.1

logstash

SUSE HPE Helion OpenStack 8SUSE OpenStack Cloud 8SUSE OpenStack Cloud Crowbar 8

Fixed in: