Critical vulnerability (CVE-2021-44228) in Apache Log4j and EuroLinux 8 status
A critical vulnerability, CVE-2021-44228, was found in the Apache Log4j library. Also known as Log4Shell, it allows remote code execution (RCE). Log4j is one of the most commonly used event logging libraries in applications written in Java. An intruder can execute arbitrary commands on the server, though only with the privileges of the user running the vulnerable application.
Although EuroLinux 8 is not directly affected by this vulnerability, we have introduced a mechanism to mitigate the Log4Shell vulnerability that works with applications using Log4j. To activate it, update the system with the standard sudo dnf update command and reboot the machine.
As part of the CVE-2021-44228 mitigation, the EuroLinux Vagrant and VMware images on Vagrant Cloud and the container images on Docker Hub and Quay.io have been updated.
EuroLinux 8 images hosted on Microsoft Azure, Amazon Web Services, and Google Cloud Platform have also been updated.