https://bugzilla.redhat.com/show_bug.cgi?id=2030932
--- Comment #32 from Anand Paladugu <apaladug(a)redhat.com> ---
Team
Can we provide answers to these questions in addition to my ask about
workaround and fix timeline above?
- How can we determine which OpenShift versions or clusters are affected and
which components in OpenShift are affected?
- How is the vulnerability exploited?
There are 3 OpenShift cases so far today, and we need to provide some answers
at least to customers so we don't keep them in the dark until the fixes arrive.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2030932
https://bugzilla.redhat.com/show_bug.cgi?id=2030932
--- Comment #31 from Anand Paladugu <apaladug(a)redhat.com> ---
Team
Can we provide answers to these questions in addition to my ask about
workaround and fix timeline above?
- How can we determine which OpenShift versions or clusters are affected and
which components in OpenShift are affected?
- How is the vulnerability exploited?
There are 3 OpenShift cases so far today, and we need to provide some answers
at least to customers so we don't keep them in the dark until the fixes arrive.
https://bugzilla.redhat.com/show_bug.cgi?id=2030932
Anand Paladugu <apaladug(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags| |needinfo?(pjindal(a)redhat.com)
--- Comment #29 from Anand Paladugu <apaladug(a)redhat.com> ---
@pjindal(a)redhat.com
So products outside of OpenShift are also impacted. Any thoughts on what
guidance we can provide to customers in the interim? Are there any workarounds
before the fixes arrive?
Thanks
Anand
https://bugzilla.redhat.com/show_bug.cgi?id=2030932
Anand Paladugu <apaladug(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |apaladug(a)redhat.com
--- Comment #27 from Anand Paladugu <apaladug(a)redhat.com> ---
Another case was opened for this issue: 03100953. I will link it soon.
https://bugzilla.redhat.com/show_bug.cgi?id=2030932
--- Doc Text *updated* by Eric Christensen <sparks(a)redhat.com> ---
A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 up to and including 2.14.1. This could allow a remote attacker to execute code on the server if the system logs an attacker-controlled string value with the attacker's JNDI LDAP server lookup.
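The version range in the Doc Text above can be turned into a first-pass inventory check. The following is an added example, not part of the bug thread or any Red Hat tooling: it classifies log4j-core jars by the version in their file name, with pre-releases ordered alpha < beta < rc < release. The function names and sample paths are constructed, and treating the file name as the source of the version is an assumption; vendor-suffixed or repackaged jars are reported as unknown rather than guessed.

```python
import re

# Affected range as stated in the Doc Text: 2.0-beta9 through 2.14.1 inclusive.
FIRST_AFFECTED = "2.0-beta9"
LAST_AFFECTED = "2.14.1"

_JAR = re.compile(
    r"log4j-core-(\d+(?:\.\d+){0,2}(?:-(?:alpha|beta|rc)\d+)?)\.jar$", re.I)
_VER = re.compile(
    r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)
_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort first


def version_key(version):
    """Turn '2.0-beta9' or '2.14.1' into a tuple that sorts in release order."""
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch, qual, qnum = m.groups()
    return (int(major), int(minor or 0), int(patch or 0),
            _RANK[qual.lower() if qual else None], int(qnum or 0))


def is_affected(version):
    """True if the version lies inside the range given in the Doc Text."""
    lo, hi = version_key(FIRST_AFFECTED), version_key(LAST_AFFECTED)
    return lo <= version_key(version) <= hi


def classify(paths):
    """Map each log4j-core jar path to 'affected', 'not in range' or 'unknown'."""
    result = {}
    for path in paths:
        if "log4j-core" not in path:
            continue  # other artifacts are outside the scope of this check
        m = _JAR.search(path)
        if not m:
            result[path] = "unknown"  # version not readable from the name
        else:
            result[path] = "affected" if is_affected(m.group(1)) else "not in range"
    return result


# Constructed sample paths, for illustration only.
SAMPLE = ["/opt/app/lib/log4j-core-2.14.1.jar", "/opt/app/lib/log4j-core-2.0-beta8.jar",
          "/srv/x/log4j-core-2.15.0.jar", "/srv/x/log4j-core-2.13.3-vendor1.jar",
          "/srv/x/log4j-api-2.14.1.jar"]
```

A jar reported as unknown, or one bundled inside another archive, still needs to be checked by other means, since this pass only reads file names.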
https://bugzilla.redhat.com/show_bug.cgi?id=2030932
Ted Jongseok Won <jwon(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|CVE-2021-44228 log4j-core: |CVE-2021-44228 log4j-core:
|Remote code execution in |Remote code execution in
|Log4j 2.x when logs contain |Log4j 2.x when logs contain
|an attacker-controlled |an attacker-controlled
|string value. |string value.