On Tue, Dec 14, 2021 at 10:17 PM integer GmbH <supp...@integer-it.de> wrote:
> Hello Ubuntu-Team, > can you please tell me if the follwoing software is affected by the Log4J > exploit? > *disclaimer: I'm not from the security team and this is not a definitive or formal answer* Hi, In general for CVEs you'd want to check the https://ubuntu.com/security entry for it. It will mention its status, affected packages and link to further ressources one should know about. In this case the links to USN and the wiki page are very helpful as well. In this case that is at: https://ubuntu.com/security/CVE-2021-44228 The TL;DR could be, you do not list the affected package "apache-log4j1.2", so not affected. But TBH your customers website clearly runs apache2 + php which isn't listed here. Might there also be some java or any other solution (like an appliance which sometimes aren't transparent what they use internally) that uses log4j2, no one here would know. python3.8 > python3.8-minimal > python3-appdirs > python3-apt > python3-certifi > python3-chardet > python3-crypto > python3-dbus > python3-distlib > python3-distro > python3-distro-info > python3-distupgrade > python3-distutils > python3-dnspython > python3-filelock > python3-gi > python3-gpg > python3-idna > python3-importlib-metadata > python3-ldb > python3-lib2to3 > python3-markdown > python3-minimal > python3-more-itertools > python3-netifaces > python3-packaging > python3-pkg-resources > python3-pygments > python3-pyparsing > python3-requests > python3-samba > python3-six > python3-talloc > python3-tdb > python3-update-manager > python3-urllib3 > python3-virtualenv > python3-yaml > python3-zipp > python3.6-minimal > readline-common > rename > resolvconf > rsync > rsyslog > samba > samba-common > samba-common-bin > samba-dsdb-modules > samba-libs > samba-vfs-modules > sed > sensible-utils > shared-mime-info > socat > squid > squid-common > squid-langpack > ssl-cert > sudo > systemd > systemd-sysv > systemd-timesyncd > sysvinit-utils > tar > tcpd > tdb-tools > thermald > tzdata > ubuntu-advantage-tools > ubuntu-minimal > ubuntu-release-upgrader-core > ucf > udev > update-inetd > update-manager-core > usb.ids > usbutils > util-linux > vim-common > vim-tiny > virtualenv > wget > whiptail > winbind > xauth > xdg-user-dirs > xkb-data > xxd > xz-utils > zerofree > zlib1g > tasksel > tasksel-data > > Our client Hopfenveredlung St. Johann is using this software and we want > to make sure they are not affected by the Log4J exploit. > > Best Regards > Jonas Böck > > > _ _ _ > integer GmbH Support > Telefon 08252 - 96031 - 10 > | > E-Mail: supp...@integer-it.de > <https://integer.de/> <http://www.integer-it.de/> > Hans-Sachs-Weg 25 > | > 86529 > Schrobenhausen > Registergericht: Amtsgericht Ingolstadt > Registernummer: HRB 7821 > Geschäftsführer: Luise Krammer > Allgemeine Datenschutzhinweise: > *https://integer-it.de/ds.html* <http://www.integer-it.de/ds.html> > Folgen Sie uns auf: [image: Facebook] <https://www.facebook.com/integerit> > [image: Instagram] <https://www.instagram.com/integergmbh/>F > > > <https://heyalter.com/schrobenhausen/> > <https://heyalter.com/schrobenhausen/> > <https://heyalter.com/schrobenhausen/> > _ _ _ > > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss > -- Christian Ehrhardt Staff Engineer, Ubuntu Server Canonical Ltd
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
