It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup or a Thread Context Map pattern to craft malicious input data using a JNDI ...
Chen Zhaojun of Alibaba Cloud Security Team discovered a critical security vulnerability in Apache Log4j, a popular Logging Framework for Java. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD ...
Amazon Kinesis Agent versions within Amazon Linux 2 prior to aws-kinesis-agent-2.0.4-1 included a version of Apache Log4j affected by CVE-2021-44228 and CVE-2021-45046. The Amazon Kinesis Agent has been updated to aws-kinesis-agent-2.0.4-1 within Amazon Linux 2 that mitigates CVE-2021-44228 and CVE-2021-45046. For additional detail see https://github.com/awslabs/amazon-kinesis-agent.
No versions of an Amazon Linux Java Virtual Machine are affected by CVE-2021-44228 or CVE-2021-45046. However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM. This update modifies Amazon Linux packages that provide a JVM to also install the AW ...
No versions of an Amazon Linux Java Virtual Machine are affected by CVE-2021-44228 or CVE-2021-45046. However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM. This update modifies Amazon Linux packages that provide a JVM to also install the AW ...
No versions of an Amazon Linux Java Virtual Machine are affected by CVE-2021-44228 or CVE-2021-45046. However, if customers load a log4j version that is affected by CVE-2021-44228 or CVE-2021-45046 into an Amazon Linux JVM, it will introduce the issues identified in CVE-2021-44228 and CVE-2021-45046 into the JVM. This update modifies Amazon Linux packages that provide a JVM to also install the AW ...
The ncurses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo. Security Fix: * ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c * ncurs ...