<![CDATA[Dev1 Galaxy Forum / Log4j vulnerabilty - Yet again]]> http://dev1galaxy.org/viewtopic.php?id=5000 Mon, 25 Apr 2022 13:59:36 +0000 FluxBB <![CDATA[Re: Log4j vulnerabilty - Yet again]]> http://dev1galaxy.org/viewtopic.php?pid=35747#p35747 Hello:

Head_on_a_Stick wrote:

... fixed the bug with patches that introduced more bugs?

Yes ...
Which would mean that maybe they really didn't fix anything.

ie: just made it worse.

Fortunately I was able to purge that from my box.

Best,

A.

]]> Mon, 25 Apr 2022 13:59:36 +0000 http://dev1galaxy.org/viewtopic.php?pid=35747#p35747 <![CDATA[Re: Log4j vulnerabilty - Yet again]]> http://dev1galaxy.org/viewtopic.php?pid=35746#p35746 So they fixed the bug with patches that introduced more bugs? Isn't software great! I'm beginning to think Sturgeon was an optimist...

]]> Mon, 25 Apr 2022 13:33:12 +0000 http://dev1galaxy.org/viewtopic.php?pid=35746#p35746 <![CDATA[Log4j vulnerabilty - Yet again]]> http://dev1galaxy.org/viewtopic.php?pid=35707#p35707 Hello:

For those who have not purged log4j from their systems:

Originally mentioned here (late December 2021) at Dev1 by hevidevi here ...

https://dev1galaxy.org/viewtopic.php?id=4715

... and then press here:

https://www.theregister.com/2022/03/16/ … net_log4j/

We now have this:

https://www.theregister.com/2022/04/20/ … j_patches/

Jessica Lyons Hardcastle @ The Register wrote:

Amazon Web Services has updated its Log4j security patches after it was discovered the original fixes made customer deployments vulnerable to container escape and privilege escalation.

The vulnerabilities introduced by Amazon's Log4j hotpatch – CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071 – are all high-severity bugs rated 8.8 out of 10 on the CVSS.

A.

]]> Thu, 21 Apr 2022 10:57:08 +0000 http://dev1galaxy.org/viewtopic.php?pid=35707#p35707