Bug 829353 (CVE-2021-45046) - [Tracker] Log4j DoS/Info Disclosure Vulnerability
Summary: [Tracker] Log4j DoS/Info Disclosure Vulnerability
Status: CONFIRMED
Alias: CVE-2021-45046
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard:
Keywords:
Depends on: 828853 829377
Blocks:
Reported: 2021-12-16 17:01 UTC by John Helmert III
Modified: 2021-12-19 00:44 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-16 17:01:15 UTC
2.15.0 fix was insufficient and only reduces impact to a DoS vulnerability. Fix is in 2.16.0. Unifi already fixed, Graylog seemingly incoming:

https://github.com/Graylog2/graylog2-server/pull/11786#issuecomment-994715935
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-16 20:45:51 UTC
This is being reported on as an info disclosure, too: https://arstechnica.com/information-technology/2021/12/patch-fixing-critical-log4j-0-day-has-its-own-vulnerability-thats-under-exploit/