RHSA-2021:5206: Red Hat Security Advisory: log4j security update

An update for log4j is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-4104: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

Synopsis

Moderate: log4j security update

Type/Severity

Security Advisory: Moderate

Description

Log4j is a tool to help the programmer output log statements to a variety of output targets.

Security Fix(es):

  • log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
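
The security fix above applies only when an application is configured to use JMSAppender, so a defender's first question is which hosts carry such a configuration. The script below is an added example, not part of Red Hat's advisory: it scans a directory tree for Log4j 1.x configuration files that reference the JMSAppender class outside of comments. The function names and the `log4j*.properties` / `log4j*.xml` file-name patterns are assumptions.

```shell
#!/bin/sh
# Added example: locate Log4j 1.x configuration files that enable JMSAppender,
# the configuration CVE-2021-4104 depends on. Function names are illustrative.

JMS_CLASS='org\.apache\.log4j\.net\.JMSAppender'

# Remove <!-- ... --> comments, including ones that span several lines.
strip_xml_comments() {
    awk '{ buf = buf $0 "\n" }
    END {
        while ((s = index(buf, "<!--")) > 0) {
            rest = substr(buf, s + 4)
            e = index(rest, "-->")
            if (e == 0) { buf = substr(buf, 1, s - 1); break }
            buf = substr(buf, 1, s - 1) substr(rest, e + 3)
        }
        printf "%s", buf
    }' "$1"
}

# Succeeds if the file references JMSAppender outside of comments.
config_uses_jms_appender() {
    case $1 in
    *.xml) strip_xml_comments "$1" | grep -Eq "$JMS_CLASS" ;;
    *)     grep -Ev '^[[:space:]]*[#!]' "$1" | grep -Eq "$JMS_CLASS" ;;
    esac
}

# Print every log4j*.properties / log4j*.xml under "$1" that enables JMSAppender.
find_jms_appender_configs() (
    find "$1" -type f \( -name 'log4j*.properties' -o -name 'log4j*.xml' \) 2>/dev/null |
    sort |
    while IFS= read -r f; do
        if config_uses_jms_appender "$f"; then
            printf '%s\n' "$f"
        fi
    done
)

# Stand-alone use: pass a directory to scan, e.g. an application's config root.
if [ -n "${1:-}" ]; then
    find_jms_appender_configs "$1"
fi
```

Configurations bundled inside JAR or WAR archives are not inspected by this scan. `rpm -q log4j` shows the installed build for comparison with the fixed packages listed in this advisory.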

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.3 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64

Fixes

  • BZ - 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/security/vulnerabilities/RHSB-2021-009

Red Hat Enterprise Linux Server 7, Workstation 7, Desktop 7, for Scientific Computing 7, for IBM z Systems 7, for Power, big endian 7, for Power, little endian 7, Server - AUS 7.7, 7.6 and 7.4, Server - TUS 7.7 and 7.6, Server - Update Services for SAP Solutions 7.7 and 7.6, and Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 and 7.6

SRPM

  • log4j-1.2.17-17.el7_4.src.rpm

x86_64, s390x, ppc64, ppc64le

  • log4j-1.2.17-17.el7_4.noarch.rpm
  • log4j-javadoc-1.2.17-17.el7_4.noarch.rpm
  • log4j-manual-1.2.17-17.el7_4.noarch.rpm

Red Hat Enterprise Linux Server - AUS 7.3

SRPM

  • log4j-1.2.17-16.el7_3.src.rpm

x86_64

  • log4j-1.2.17-16.el7_3.noarch.rpm
  • log4j-javadoc-1.2.17-16.el7_3.noarch.rpm
  • log4j-manual-1.2.17-16.el7_3.noarch.rpm

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM

  • log4j-1.2.14-6.5.el6_10.src.rpm

x86_64

  • log4j-1.2.14-6.5.el6_10.x86_64.rpm
  • log4j-debuginfo-1.2.14-6.5.el6_10.x86_64.rpm
  • log4j-javadoc-1.2.14-6.5.el6_10.x86_64.rpm
  • log4j-manual-1.2.14-6.5.el6_10.x86_64.rpm

i386

  • log4j-1.2.14-6.5.el6_10.i686.rpm
  • log4j-debuginfo-1.2.14-6.5.el6_10.i686.rpm
  • log4j-javadoc-1.2.14-6.5.el6_10.i686.rpm
  • log4j-manual-1.2.14-6.5.el6_10.i686.rpm

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM

  • log4j-1.2.14-6.5.el6_10.src.rpm

s390x

  • log4j-1.2.14-6.5.el6_10.s390x.rpm
  • log4j-debuginfo-1.2.14-6.5.el6_10.s390x.rpm
  • log4j-javadoc-1.2.14-6.5.el6_10.s390x.rpm
  • log4j-manual-1.2.14-6.5.el6_10.s390x.rpm
