-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2020-30aba92944 2020-05-31 00:39:15.116991 --------------------------------------------------------------------------------

Name : log4net Product : Fedora EPEL 8 Version : 2.0.8 Release : 10.el8 URL : http://logging.apache.org/log4net/ Summary : A .NET framework for logging Description : log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime

-------------------------------------------------------------------------------- Update Information:

Security fix for CVE-2018-1285 -------------------------------------------------------------------------------- ChangeLog:

* Fri May 15 2020 Timotheus Pokorra timotheus.pokorra@solidcharity.com - 2.0.8-10 - apply security fix for xml configurator: [CVE-2018-1285] XXE vulnerability in Apache log4net -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1835982 - CVE-2018-1285 log4net: XXE in applications that accept arbitrary configuration files from users https://bugzilla.redhat.com/show_bug.cgi?id=1835982 --------------------------------------------------------------------------------

This update can be installed with the "yum" update programs. Use su -c 'yum update log4net' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C /html/System_Administrators_Guide/ch-yum.html

All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------