Log4j

Support for security such as Firewalls and securing linux
Post Reply
Brath
Posts: 2
Joined: 2022/01/18 15:45:13

Log4j

Post by Brath » 2022/01/18 15:54:25

Good day,

Is there a Centos 7 security update for the Apache Log4j and Log4j2? If so, where can it be located?
Attachments
LOG4J.jpg
LOG4J.jpg (53.67 KiB) Viewed 6009 times

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Log4j

Post by TrevorH » 2022/01/18 16:01:21

The log4j package in CentOS 7 is v1 not the v2 that the well known bug reports are all talking about. The same bug does not exist in the v1 package but there is still a patched version that you should be using: log4j-1.2.17-17.el7_4.noarch

Code: Select all

[root@centos7 ~]# rpm -q --changelog log4j-1.2.17-17.el7_4.noarch 
* Wed Dec 15 2021 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:1.2.17-17
- Fix remote code execution vulnerability
- Resolves: CVE-2021-4104

* Tue Jul 11 2017 Mikolaj Izdebski <mizdebsk@redhat.com> - 0:1.2.17-16
Also be aware that many of the things that use log4j bundle their own copies of the code so you may need to check that the things you run on your server do not do this and if they do, request updates from suppliers.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Brath
Posts: 2
Joined: 2022/01/18 15:45:13

Re: Log4j

Post by Brath » 2022/01/18 16:15:20

Thank you

Post Reply