Euler open source community completes fix for high-risk Log4j security vulnerability

IT House, December 12: According to an openEuler announcement, the Euler open source community has fixed the high-risk Log4j security vulnerability (CVE-2021-44228) and issued a security bulletin. You can fix the vulnerability by installing the Log4j security patch for openEuler 20.03 LTS SP1/SP2.

The Euler Open Source Community Security Committee began a vulnerability impact analysis as soon as it became aware of the Log4j security vulnerability. Because successful exploitation allows remote execution of arbitrary code, and a POC exploit for the vulnerability was already public, the security committee rated it as high-risk and quickly started an emergency remediation process.

The Euler open source community completed its inventory of the software and system versions affected by the Log4j vulnerability overnight, confirming that the affected LTS system versions are openEuler 20.03 LTS SP1/SP2.

Through the joint efforts of the Euler Open Source Community Security Committee and contributors, the fix for the affected software was completed at 8 p.m. on December 11. To ensure the security of your system, we recommend that you upgrade to the latest Log4j version through system updates as soon as possible.

The Euler open source community has always regarded security response as the highest priority of the community, and we will continue to provide timely security response services for everyone in the future.

Fix progress timeline

December 10, 09:47 - Vulnerability Awareness: Log4j repository received issue CVE-2021-44228

December 10, 15:22 - Vulnerability Troubleshooting: Completed the inventory of software and system versions affected by Log4j.

December 10, 18:22 - Preliminary fix: The preliminary fix is to upgrade the Log4j version; spec file adaptation and compilation error handling are in progress.

10/12/16 - Final fix: During the Log4j upgrade, it was found that compiling the new version may involve Maven and Java version changes, with many issues to resolve. The Log4j upstream community has provided a patch-based fix; it has been adapted and a preliminary build succeeded, so the fix approach was changed to patching.

December 11, 14:46 - Patch Validation: POC code validation passed, and the patch is being merged into the official branch.

December 11, 20:08 - Patch release: The openEuler 20.03 LTS SP1/SP2 Log4j security patch has been released.

December 11, 22:47 - Security bulletin released: The Log4j security bulletin has been published.
