Is Libreoffice 5.3.6 affected by CVE-2021-4104

Comments

Hi,
LibreOffice version available in RHEL 7 is 5.3.6. We have noticed that when installing LibreOffice in RHEL 7, LibreOffice installs a log4j 1.2.17 as a dependency. As per the documents below,
https://logging.apache.org/log4j/2.x/security.html

log4j 1.x vulnerable for the CVE-2021-4104 (this is related to CVE-2021-44228) if Log4j is using JMSAppender.

so is it safe to assume that we are not vulnerable to the CVE-2021-4104 when installing LibreOffice 5.3.6 via RHEL 7 repository?

Started 2021-12-15T12:48:45+00:00 by

Rackspace Customer

Active Contributor 368 points

Responses

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

Is Libreoffice 5.3.6 affected by CVE-2021-4104

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links