[ovirt-users] Re: oVirt and log4j vulnerability
On Mon, Dec 13, 2021 at 2:46 PM Derek Atkins <derek(a)ihtfp.com> wrote:
On Mon, December 13, 2021 8:04 am, Gianluca Cecchi wrote:
>>
> If I understood correctly reading here:
>
https://blog.qualys.com/vulnerabilities-threat-research/2021/12/10/apache...
>
> you are protected by the RCE if java is 1.8 and greater than 1.8.121
> (released on 2017)
Do you mean 1.8.0.121? For example, my system has:
java-1.8.0-openjdk-headless-1.8.0.252.b09-2.el7_8.x86_64
If you are still on oVirt 4.3, which is using OpenJDK 1.8, then you should
have installed java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64.
If you are on oVirt 4.4, which is using OpenJDK 11, then you should have
installed java-11-openjdk-headless-11.0.13.0.8-3.el8_5.x86_64
-derek
--
Derek Atkins 617-623-3745
derek(a)ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/32PPOVQZRSI...
--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.
Attachments:
- attachment.html (text/html — 3.2 KB)