QID 353240
Date Published: 2022-04-25
QID 353240: Amazon Linux Security Advisory for log4j-cve-2021-44228-hotpatch : ALAS-2022-1580
The apache log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the linux capabilities and cgroups of the target java process that the hotpatch is applied to. in order to mimic the linux capabilities of the target process, amazon linux 1 customers need to be running kernel version 4.14.275-142.503 or later, while amazon linux 2 customers on arm need to be running kernel versions 4.14.275-207.503, 5.4.188-104.359, 5.10.109-104.500 or later.
Amazon linux 2 customers on intel or amd instances do not need an updated kernel. (
( CVE-2022-0070)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS-2022-1580 for affected packages and patching details, or update with your package manager.
Vendor References
- ALAS-2022-1580 -
alas.aws.amazon.com/ALAS-2022-1580.html
CVEs related to QID 353240
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS-2022-1580 | Amazon Linux |
alas.aws.amazon.com/ALAS-2022-1580.html |