You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa slf4j

Sigurnosni nedostatak programskog paketa slf4j

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2018-a46b358764
2018-03-29 15:52:12.354170
——————————————————————————–

Name : slf4j
Product : Fedora 26
Version : 1.7.22
Release : 5.fc26
URL : http://www.slf4j.org/
Summary : Simple Logging Facade for Java
Description :
The Simple Logging Facade for Java or (SLF4J) is intended to serve
as a simple facade for various logging APIs allowing to the end-user
to plug in the desired implementation at deployment time. SLF4J also
allows for a gradual migration path away from
Jakarta Commons Logging (JCL).

Logging API implementations can either choose to implement the
SLF4J interfaces directly, e.g. NLOG4J or SimpleLogger. Alternatively,
it is possible (and rather easy) to write SLF4J adapters for the given
API implementation, e.g. Log4jLoggerAdapter or JDK14LoggerAdapter..

——————————————————————————–
Update Information:

Security fix for CVE-2018-8088
——————————————————————————–
References:

[ 1 ] Bug #1548909 – CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1548909
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade slf4j’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2018-a4353f97db
2018-03-29 16:19:28.320604
——————————————————————————–

Name : slf4j
Product : Fedora 27
Version : 1.7.25
Release : 4.fc27
URL : http://www.slf4j.org/
Summary : Simple Logging Facade for Java
Description :
The Simple Logging Facade for Java or (SLF4J) is intended to serve
as a simple facade for various logging APIs allowing to the end-user
to plug in the desired implementation at deployment time. SLF4J also
allows for a gradual migration path away from
Jakarta Commons Logging (JCL).

Logging API implementations can either choose to implement the
SLF4J interfaces directly, e.g. NLOG4J or SimpleLogger. Alternatively,
it is possible (and rather easy) to write SLF4J adapters for the given
API implementation, e.g. Log4jLoggerAdapter or JDK14LoggerAdapter..

——————————————————————————–
Update Information:

Security fix for CVE-2018-8088
——————————————————————————–
References:

[ 1 ] Bug #1548909 – CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=1548909
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade slf4j’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

AutorVlatka Misic
Cert idNCERT-REF-2018-03-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa unboundid-ldapsdk

Otkriven je sigurnosni nedostatak u programskom paketu unboundid-ldapsdk za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje oponašanje drugog korisnika...

Close