
Bug 829353 (CVE-2021-45046)

Summary: [Tracker] Log4j DoS/Info Disclosure Vulnerability
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.openwall.com/lists/oss-security/2021/12/14/4
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 828853, 829377    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-16 17:01:15 UTC
2.15.0 fix was insufficient and only reduces impact to a DoS vulnerability. Fix is in 2.16.0. Unifi already fixed, Graylog seemingly incoming:

https://github.com/Graylog2/graylog2-server/pull/11786#issuecomment-994715935

Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-16 20:45:51 UTC
This is being reported on as an info disclosure, too: https://arstechnica.com/information-technology/2021/12/patch-fixing-critical-log4j-0-day-has-its-own-vulnerability-thats-under-exploit/

Comment 3 Hans de Graaff gentoo-dev Security 2023-10-29 07:19:05 UTC
All related bugs have been fixed.