perfsonar-user - Re: [perfsonar-user] Reccomendation for mitigating log4j vuln
Subject: perfSONAR User Q&A and Other Discussion
List archive
- From: Hans Kuhn <>
- To: Mark Feit <>
- Cc:
- Subject: Re: [perfsonar-user] Reccomendation for mitigating log4j vuln
- Date: Fri, 10 Dec 2021 10:43:35 -0800
On 10 Dec 2021, at 10:35, Mark Feit wrote:
> Hans Kuhn writes:
>
> What is the perfsonar development team's recommendation for addressing the
> RCE vulnerability in log4j that was announced today?
>
> No action is required for that. The vulnerability described is in versions
> >= 2.0; the version that ships with all distributions we support is 1.2.17.
>
> --Mark
Thanks Mark! Can you reassure me that this doesn't apply to pS even tho it
runs log4j 1.x?
"The 1.x series of Log4j is also vulnerable to this issue when using the JMS
Appender class."
This quote comes from:
https://www.randori.com/blog/cve-2021-44228/
I saw quite a bit of discussion on infosec twitter as to whether 1.x users
are affected and it appears they might be.
thanks,
Hans
- [perfsonar-user] Reccomendation for mitigating log4j vuln, Hans Kuhn, 12/10/2021
- Re: [perfsonar-user] Reccomendation for mitigating log4j vuln, Mark Feit, 12/10/2021
- Re: [perfsonar-user] Reccomendation for mitigating log4j vuln, Hans Kuhn, 12/10/2021
- Re: [perfsonar-user] Reccomendation for mitigating log4j vuln, Mark Feit, 12/10/2021
- Re: [perfsonar-user] Reccomendation for mitigating log4j vuln, Hans Kuhn, 12/10/2021
- Re: [perfsonar-user] Reccomendation for mitigating log4j vuln, Mark Feit, 12/10/2021
- Re: [perfsonar-user] Reccomendation for mitigating log4j vuln, Hans Kuhn, 12/10/2021
- Re: [perfsonar-user] Reccomendation for mitigating log4j vuln, Mark Feit, 12/10/2021
Archive powered by MHonArc 2.6.24.