Headline
RHSA-2022:0442: Red Hat Security Advisory: log4j security update
An update for log4j is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-23302: log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
- CVE-2022-23305: log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
- CVE-2022-23307: log4j: Unsafe deserialization flaw in Chainsaw log viewer
Synopsis
Important: log4j security update
Type/Severity
Security Advisory: Important
Topic
An update for log4j is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Log4j is a tool to help the programmer output log statements to a variety of output targets.
Security Fix(es):
- log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
- log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
- log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 7.6 x86_64
- Red Hat Enterprise Linux Server - AUS 7.4 x86_64
- Red Hat Enterprise Linux Server - AUS 7.3 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server - TUS 7.6 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
Fixes
- BZ - 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
- BZ - 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
- BZ - 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer
Red Hat Enterprise Linux Server 7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Server - AUS 7.7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Server - AUS 7.6
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Server - AUS 7.4
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Server - AUS 7.3
SRPM
log4j-1.2.17-17.el7_3.src.rpm
SHA-256: fd48b4430c1d534f108e4b055c32affe780f89ee8c2733e2359af44ed35882dd
x86_64
log4j-1.2.17-17.el7_3.noarch.rpm
SHA-256: 173b38609528a3b7f90f446f4841256749c4a3fe37f38fd24cb2bc2eb165ac7a
log4j-javadoc-1.2.17-17.el7_3.noarch.rpm
SHA-256: b8fb150c965011e2f7a8e387941dc728505ac48beb629aa3da7d1b50ed181fcc
log4j-manual-1.2.17-17.el7_3.noarch.rpm
SHA-256: 006aa2a4bf73bfdf00cae1a5db70287697122cc48aa0253f27091c35162c52f7
Red Hat Enterprise Linux Workstation 7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Desktop 7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
s390x
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux for Power, big endian 7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
ppc64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux for Power, little endian 7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
ppc64le
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Server - TUS 7.7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Server - TUS 7.6
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
ppc64le
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
ppc64le
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6
SRPM
log4j-1.2.17-18.el7_4.src.rpm
SHA-256: 9bad919e94fd8aa0b05be9a66ddc5514fa3501b2f08e2877dfbf75d77dd2c668
x86_64
log4j-1.2.17-18.el7_4.noarch.rpm
SHA-256: 11d8eb18af9251b6b9354935b41534886a9c827833057a2fff08e60562d50a8b
log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
SHA-256: c3312dbc52a19c7d8a60df3ddb44dd41274125a2b222f668f55d72ae1f8774f8
log4j-manual-1.2.17-18.el7_4.noarch.rpm
SHA-256: 88541087bf4df4afda456729cfc7b05e67cf34b6e4b5af14aca82ececaf1f6f2