14 Dec
2021
14 Dec
'21
4:28 p.m.
On Tue, 2021-12-14 at 14:31 +0100, Steve Meier wrote:
Hello Steve,
Am 2021-12-14 14:14, schrieb Steve Clark:
This is the standard version that comes with CentOS 7 and is the latest available as of a yum update just now. log4j-1.2.17-16.el7_4.noarch
yes, that's correct, but it is abandoned nonetheless.
According to the RPM's change log, Red Hat backported a fix for CVE-2017-5645. They have not done this for CVE-2019-17571 it seems. I would be very surprised if they'd do so now.
https://access.redhat.com/node/4677071According to that link CVE-2019-17571 is the same issue as CVE-2017- 5645 and both are listed as fixed in this errata: https://access.redhat.com/errata/RHSA-2017:2423
So I think it's fixed. Best regards, markus