Good day,
Is there a Centos 7 security update for the Apache Log4j and Log4j2? If so, where can it be located?
Log4j
Re: Log4j
The log4j package in CentOS 7 is v1 not the v2 that the well known bug reports are all talking about. The same bug does not exist in the v1 package but there is still a patched version that you should be using: log4j-1.2.17-17.el7_4.noarch
Also be aware that many of the things that use log4j bundle their own copies of the code so you may need to check that the things you run on your server do not do this and if they do, request updates from suppliers.
Code: Select all
[root@centos7 ~]# rpm -q --changelog log4j-1.2.17-17.el7_4.noarch
* Wed Dec 15 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:1.2.17-17
- Fix remote code execution vulnerability
- Resolves: CVE-2021-4104
* Tue Jul 11 2017 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:1.2.17-16
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke