Red Hat Product Errata RHSA-2021:5206 - Security Advisory

Issued:: 2021-12-20
Updated:: 2021-12-20

RHSA-2021:5206 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: log4j security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for log4j is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Log4j is a tool to help the programmer output log statements to a variety of output targets.

Security Fix(es):

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server - AUS 7.7 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.4 x86_64
Red Hat Enterprise Linux Server - AUS 7.3 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux Server - TUS 7.7 x86_64
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 7.7 x86_64
Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 7.6 x86_64

Fixes

BZ - 2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

CVEs

CVE-2021-4104

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Server - AUS 7.4

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Server - AUS 7.3

SRPM
log4j-1.2.17-16.el7_3.src.rpm	SHA-256: ceacb864012a2f999c442b6466f8b5c9677f1c7d3f6c90836efa83d41cd7d804
x86_64
log4j-1.2.17-16.el7_3.noarch.rpm	SHA-256: 2baa5f10a987f59819949c376d30e9e774ff6d7948d54ef5d00a13b34c36580d
log4j-javadoc-1.2.17-16.el7_3.noarch.rpm	SHA-256: a3ae7ba56c9ed4aa4784d27e2c6547e8b64f1917dc23aba4858855a7d47fa2b3
log4j-manual-1.2.17-16.el7_3.noarch.rpm	SHA-256: 9a462ab5279b56240eaca68ea2144cc3bf64cf056c4f704c85b678382a771b4f

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
log4j-1.2.14-6.5.el6_10.src.rpm	SHA-256: 8f72526e0dbbcf4c56d1d6534527487982c4e903ec9061a7c12aa5e9a1d27025
x86_64
log4j-1.2.14-6.5.el6_10.x86_64.rpm	SHA-256: 3adda83a66c25b95c8569051e654362f2275e25f63a704217caf61b34138af67
log4j-debuginfo-1.2.14-6.5.el6_10.x86_64.rpm	SHA-256: 8f118c72aa448184b230cd78fe0f96a4a13fb2d213860805de308f3ae9e74264
log4j-debuginfo-1.2.14-6.5.el6_10.x86_64.rpm	SHA-256: 8f118c72aa448184b230cd78fe0f96a4a13fb2d213860805de308f3ae9e74264
log4j-javadoc-1.2.14-6.5.el6_10.x86_64.rpm	SHA-256: 1a5894130cbece3082a06e38ab23439a6223d8bdfda38cbd3e6447effd88d62c
log4j-manual-1.2.14-6.5.el6_10.x86_64.rpm	SHA-256: eeaf9add52f4119e11621514d60371abe4491b84e7a3a07c1308e5c2d7b0183b
i386
log4j-1.2.14-6.5.el6_10.i686.rpm	SHA-256: 257cb24910206d7d3ec685b044a8a351dab231b21441e7f941fce26720d5a1c1
log4j-debuginfo-1.2.14-6.5.el6_10.i686.rpm	SHA-256: e10e536bebd4ab3c4df600bacff723c7f25c7cd046c9e92681bc2dc47fb8c9d6
log4j-debuginfo-1.2.14-6.5.el6_10.i686.rpm	SHA-256: e10e536bebd4ab3c4df600bacff723c7f25c7cd046c9e92681bc2dc47fb8c9d6
log4j-javadoc-1.2.14-6.5.el6_10.i686.rpm	SHA-256: 7e3250293033a1b02ad97184b73ef5c03999522cd5f6b40bde10427c8b31d15d
log4j-manual-1.2.14-6.5.el6_10.i686.rpm	SHA-256: 14d20fa080907e2dfab72815bd3bbdd3acd24f715c36cab2f2ccada030b5c5a8

Red Hat Enterprise Linux Workstation 7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Desktop 7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
s390x
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux for Power, big endian 7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
ppc64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux for Power, little endian 7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
ppc64le
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Server - TUS 7.7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
log4j-1.2.14-6.5.el6_10.src.rpm	SHA-256: 8f72526e0dbbcf4c56d1d6534527487982c4e903ec9061a7c12aa5e9a1d27025
s390x
log4j-1.2.14-6.5.el6_10.s390x.rpm	SHA-256: 94571439b70694a7b0645095e3bfa7c443eb493138625575692355ad6e431a4a
log4j-debuginfo-1.2.14-6.5.el6_10.s390x.rpm	SHA-256: ae2835f3ad1e0168f995d48cca51b4270cd5c8d3cdb26f0d16950d241f0d8434
log4j-debuginfo-1.2.14-6.5.el6_10.s390x.rpm	SHA-256: ae2835f3ad1e0168f995d48cca51b4270cd5c8d3cdb26f0d16950d241f0d8434
log4j-javadoc-1.2.14-6.5.el6_10.s390x.rpm	SHA-256: 7754b88ca76e72ec22d7d02f28158ccdf2208f80a361f5ed0ab515d6ce16fe3d
log4j-manual-1.2.14-6.5.el6_10.s390x.rpm	SHA-256: ae80f9eb0cfa5ef310ee04b43ba2e11caff8d27fe4617d81d1b33985cb74a282

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
ppc64le
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
ppc64le
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 7.7

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 7.6

SRPM
log4j-1.2.17-17.el7_4.src.rpm	SHA-256: d85ea4787fa5728bd165d8b91f8ca87336aaa40196b4e6a8b578abda1e81629a
x86_64
log4j-1.2.17-17.el7_4.noarch.rpm	SHA-256: f080946fcf6f950cd80acc11eff4b3bf449fe66e6c414b47bab1558ebe263ee9
log4j-javadoc-1.2.17-17.el7_4.noarch.rpm	SHA-256: ab1f5fb8f5b3d3a6350739c5721718bb36374cfab9c38242df75856b9190a173
log4j-manual-1.2.17-17.el7_4.noarch.rpm	SHA-256: 8c0ba0de68cb242456e67d830a8c499e6d8c8ce3f171290f81514044356602a3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation