[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
Arne Vajhøj
arne at vajhoej.dk
Thu Jan 6 18:54:54 EST 2022
On 1/6/2022 5:21 PM, George Cornelius wrote:
> My home Linux box has Libre Office, and some report writer functionality
> had a dependency on log4j and it did not seem to be possible to remove
> log4j without using some kind of --force-remove option, although I
> suppose I could have just hidden the executable for that portion of
> Libre Office.
>
> I see I have the log4j patch in now as part of a routine patch
> application, but I don't believe it was there to begin with so I was
> exposed for a few days.
log4j is almost everywhere.
But the attack vector in LO must be rather narrow compared to
all the server applications.
Arne
More information about the Info-vax
mailing list