[CentOS-devel] Fw: [CentOS-announce] CESA-2022:0442 Important CentOS 7 log4j Security Update

Wed Mar 2 16:02:20 UTC 2022
Johnny Hughes <johnny at centos.org>

CentOS 7 rebuilds what is released for RHEL 7 (the Source Code).

CentOS doesn't (and never has) certified anything.  If you need 
Certified Software or Service Level Agreements or Software Assurance, 
that is what RHEL is for.

Thanks,
Johnny Hughes

On 3/2/22 09:00, Kumar, Sanjeev via CentOS-devel wrote:
> Hi John (Johnny Hughes),
> 
> Is there a way to get this latest log4j 1.2.17 version be certified as a 
> supported version in the Tenable Plugin Alert as seen below:
> 
> https://www.tenable.com/plugins/nessus/156032 
> <https://www.tenable.com/plugins/nessus/156032>
> 
> Since the fix is officially deployed in the mirrors, wouldn't that make 
> the 1.2.17 version a supported version for the nessus plugin?
> 
> Regards,
> Sanjeev
> ------------------------------------------------------------------------
> *From:* CentOS-announce <centos-announce-bounces at centos.org> on behalf 
> of Johnny Hughes <johnny at centos.org>
> *Sent:* Monday, February 7, 2022 11:47 AM
> *To:* centos-announce at centos.org <centos-announce at centos.org>
> *Subject:* [CentOS-announce] CESA-2022:0442 Important CentOS 7 log4j 
> Security Update
> Warning: Replies to this message will go to 
> centos-announce-bounces at centos.org. If you are unsure this is correct 
> please contact the helpdesk.
> 
> CentOS Errata and Security Advisory 2022:0442 Important
> 
> Upstream details at : 
> https://usg02.safelinks.protection.office365.us/?url=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2022%3A0442&data=04%7C01%7Csanjeev.kumar%40bia-boeing.com%7C5bf3fa5591e44bedd6b508d9ea59cd9e%7C930618188e444a1190d0a066b65d501d%7C0%7C0%7C637798493690756156%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=L31Vj6dN0D4ddRNppFNaHdZkK0YU37RRqTNnokMjQgI%3D&reserved=0 
> <https://usg02.safelinks.protection.office365.us/?url=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2022%3A0442&data=04%7C01%7Csanjeev.kumar%40bia-boeing.com%7C5bf3fa5591e44bedd6b508d9ea59cd9e%7C930618188e444a1190d0a066b65d501d%7C0%7C0%7C637798493690756156%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=L31Vj6dN0D4ddRNppFNaHdZkK0YU37RRqTNnokMjQgI%3D&reserved=0>
> 
> The following updated files have been uploaded and are currently
> syncing to the mirrors: ( sha256sum Filename )
> 
> x86_64:
> 1b461b4e217ac5f51d8990aad583c7f189e73fd3220a54053124772b83c42eba  
> log4j-1.2.17-18.el7_4.noarch.rpm
> e4950b148639895cb3ed78b8a00c0708abe4685bd380e0003ebeb947ea1edc42  
> log4j-javadoc-1.2.17-18.el7_4.noarch.rpm
> 7bbf77456d5e310210c4bd541fee70097c26568f34f44184c878e5874e2b57f1  
> log4j-manual-1.2.17-18.el7_4.noarch.rpm
> 
> Source:
> c4224181672eede65a1b3d8f829c9ed475cade9b7234f58c03994f39459ca732  
> log4j-1.2.17-18.el7_4.src.rpm
> 
> 
> 
> -- 
> Johnny Hughes
> CentOS Project { 
> https://usg02.safelinks.protection.office365.us/?url=http%3A%2F%2Fwww.centos.org%2F&data=04%7C01%7Csanjeev.kumar%40bia-boeing.com%7C5bf3fa5591e44bedd6b508d9ea59cd9e%7C930618188e444a1190d0a066b65d501d%7C0%7C0%7C637798493690756156%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=4EqU%2FPDMqOq6tWmMyHP5Cxh6z4bHuv6FBW1KYvI%2BwjE%3D&reserved=0 
> <https://usg02.safelinks.protection.office365.us/?url=http%3A%2F%2Fwww.centos.org%2F&data=04%7C01%7Csanjeev.kumar%40bia-boeing.com%7C5bf3fa5591e44bedd6b508d9ea59cd9e%7C930618188e444a1190d0a066b65d501d%7C0%7C0%7C637798493690756156%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=4EqU%2FPDMqOq6tWmMyHP5Cxh6z4bHuv6FBW1KYvI%2BwjE%3D&reserved=0> 
> }
> irc: hughesjr, #centos at libera.chat
> Twitter: @JohnnyCentOS
> 
> _______________________________________________
> CentOS-announce mailing list
> CentOS-announce at centos.org
> https://usg02.safelinks.protection.office365.us/?url=https%3A%2F%2Flists.centos.org%2Fmailman%2Flistinfo%2Fcentos-announce&data=04%7C01%7Csanjeev.kumar%40bia-boeing.com%7C5bf3fa5591e44bedd6b508d9ea59cd9e%7C930618188e444a1190d0a066b65d501d%7C0%7C0%7C637798493690756156%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=2%2FBrLBqnLaQNRJyx%2FCgPaGE858BrqW%2FO8RD1KUyGm2o%3D&reserved=0 
> <https://usg02.safelinks.protection.office365.us/?url=https%3A%2F%2Flists.centos.org%2Fmailman%2Flistinfo%2Fcentos-announce&data=04%7C01%7Csanjeev.kumar%40bia-boeing.com%7C5bf3fa5591e44bedd6b508d9ea59cd9e%7C930618188e444a1190d0a066b65d501d%7C0%7C0%7C637798493690756156%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=2%2FBrLBqnLaQNRJyx%2FCgPaGE858BrqW%2FO8RD1KUyGm2o%3D&reserved=0>
> 
> 
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> https://lists.centos.org/mailman/listinfo/centos-devel