Critical vulnerability (CVE-2021-44228) in Apache Log4j and EuroLinux 8 status

Although EuroLinux 8 is not directly affected by this vulnerability, we have introduced a mechanism to mitigate the Log4Shell vulnerability that works with applications using Log4j.

A critical vulnerability, CVE-2021-44228, was found in the Apache Log4j library. Also known as Log4Shell, it allows remote code execution (RCE). Log4j is one of the most commonly used event logging libraries for applications written in Java. An intruder who exploits the vulnerability can execute arbitrary commands on the server, with the privileges of the user running the vulnerable application.

To activate the Log4Shell mitigation mechanism introduced in EuroLinux 8, update the system with the standard sudo dnf update command and reboot the machine.

As part of the CVE-2021-44228 mitigation, the EuroLinux Vagrant and VMware images on Vagrant Cloud and the container images on Docker Hub and Quay.io have been updated.

EuroLinux 8 images hosted on Microsoft Azure, Amazon Web Services, and Google Cloud Platform have also been updated.
