A critical vulnerability, CVE-2021-44228 was found in the Apache Log4j library. It is also known as Log4Shell and allows for remote code execution (RCE). Log4j is one of the most commonly used event logging libraries used by applications written in Java. An intruder can gain access to execute arbitrary commands on the server, but with the vulnerable application’s user privileges.
Although EuroLinux 8 is not directly affected by this vulnerability, we have introduced a mechanism to mitigate the Log4Shell vulnerability that works with applications using Log4j. To activate it, update the system with the standard
sudo dnf update command and reboot the machine.