Bug 14204

Summary: [CVE 21] log4j 1.2.17 CVE
Product: [ROSA-based products] ROSA Fresh
Reporter: Vladimir Potapov <v.potapov>
Component: Packages from Main
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker
Priority: Highest
Flags: v.potapov: secteam_verified?
Version: All   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2020-9493,CVE-2023-26464
Whiteboard:
Platform: ---
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Vladimir Potapov 2024-01-10 12:46:55 MSK
https://nvd.nist.gov/vuln/detail/CVE-2020-9493 Critical!

Comment 1 Vladimir Potapov 2024-01-10 12:50:01 MSK
https://nvd.nist.gov/vuln/detail/CVE-2023-26464 high!

Comment 2 Vladimir Potapov 2024-01-10 13:08:40 MSK
(In reply to Vladimir Potapov from comment #1)
> https://nvd.nist.gov/vuln/detail/CVE-2023-26464 high!

https://www.suse.com/security/cve/CVE-2023-26464.html - only for jre<1.7

Comment 3 Vladimir Potapov 2024-01-11 05:34:35 MSK
(In reply to Vladimir Potapov from comment #0)
> https://nvd.nist.gov/vuln/detail/CVE-2020-9493 Critical!
This is the same as
https://security-tracker.debian.org/tracker/CVE-2022-23307
And it has already been fixed
https://abf.io/import/log4j12/blob/rosa2021.15/CVE-2022-23307.patch