Debian Security Update DSA-5020 apache-log4j2 - security update

Thread starter LinuxBot
Start date Dec 12, 2021

LinuxBot

Member

Dec 12, 2021

#1

Chen Zhaojun of Alibaba Cloud Security Team discovered a critical security vulnerability in Apache Log4j, a popular Logging Framework for Java. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From version 2.15.0, this behavior has been disabled by default.

Continue reading...

You must log in or register to reply here.

Similar threads

Debian Security Update DSA-6160-1 netty - security update

Replies: 0

Views: 126

Mar 12, 2026

LinuxBot

Debian Security Update DSA-5995-1 hsqldb1.8.0 - security update

Replies: 0

Views: 177

Sep 10, 2025

LinuxBot

Debian Security Update DSA-5940-1 modsecurity-apache - security update

Replies: 0

Views: 154

Jun 9, 2025

LinuxBot

Debian Security Update DSA-5845-1 tomcat10 - security update

Replies: 0

Views: 297

Jan 17, 2025

LinuxBot

Debian Security Update DSA-5685-1 wordpress - security update

Replies: 0

Views: 603

May 9, 2024

LinuxBot

Share:

Facebook X Bluesky LinkedIn Reddit Pinterest Tumblr WhatsApp Email Link

Follow Linux.org

Linux.org YouTube Channel

Members online

Total: 1,821 (members: 3, guests: 1,818)

Latest posts

What are Your Takes On "GNU Purism"
- Latest: CaffeineAddict
- 34 minutes ago
General Computing
Files missing
- Latest: dos2unix
- 45 minutes ago
Mint
J
Linux Mint - can't access terminal
- Latest: jbg3
- 52 minutes ago
Getting Started
Update Chrome ASAP to Protect Yourself From This Active ExploitIf you use Chrome, you're vulnerable until you install this update. Jun 11, 2026
- Latest: craigevil
- Today at 12:55 PM
Linux Security
Fresh Installation of MX Linux ver 25 XFCE
- Latest: kc1di
- Today at 11:06 AM
Getting Started

Top