[SECURITY] [DLA 2065-1] apache-log4j1.2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : apache-log4j1.2
Version : 1.2.17-5+deb8u1
CVE ID : CVE-2019-17571
Debian Bug : 947124
Included in Log4j 1.2, a logging library for Java, is a SocketServer
class that is vulnerable to deserialization of untrusted data which can
be exploited to remotely execute arbitrary code when combined with a
deserialization gadget when listening to untrusted network traffic for
log data.
For Debian 8 "Jessie", this problem has been fixed in version
1.2.17-5+deb8u1.
We recommend that you upgrade your apache-log4j1.2 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4bnUZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQj9A//fj+646kgFmutWbGcU9MXIeSJnthH3rjSpDcAHOX0v+TseuUGqNqNgW4N
3qTXS1D9kEscy1wxwkv1R/5nwKK5EEYodsZ2+yuWTg6NenYX8N5bMJHZBTfWcHHI
kw/j51SQZSn9/9kzc3jMVOMH49swen4Ke8MMlKuSd7Dymw+Y/u+Pdv+dl0G8lsIm
y3oNeQSaKUx/Ctz/buG6ov1oKGas5+fTlekC9v+zdtEKNDFar0rnkumLDCzeVzYW
6DOFKyx5G463w05YvWVJJuelUuRO1QcsQUF2y5Y8ujUcz02da1V3tH2hDqIM0IJS
dJXrzGsperSeAAPUr5uu93vw7PDlzDlnCbfN7NGGY/AH0XoO27fxuORbtkMI7xmM
cG7nqGI4AJuR/8svbQfYtvrYSCfpctLvO6gB5kCOpB042bujYdPK2Iqgm6jD9vjT
4EOATCZGw4nyNohTWNTJAZpESP2IsBw7yIVZlXs/1CRbRjAia9IqRVj7skRnYg5V
C9zvRIZ6xnyPwbLBbjkWyTlFCL9Y6/roKpG1lOQkpyEZzC2lUjGq499Gpj2Uh34p
WHppDDCBE71lETSAtdK5+AnboDmoPzPr8flskmdAdChccfhdrB/lHzLFzOI6AtV2
bAqncXYWvuDba6hURO0Cw+YybU1T3/ND29n0UqX1gOIDvXFayQI=
=Fs7B
-----END PGP SIGNATURE-----
Reply to: