logo
DATABASE RESOURCES PRICING ABOUT US

slf4j security update

Description

**CentOS Errata and Security Advisory** CESA-2018:0592 The Simple Logging Facade for Java or (SLF4J) is a simple facade for various logging APIs allowing the end-user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL). Security Fix(es): * slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Chris McCown for reporting this issue. **Merged security bulletin from advisories:** https://lists.centos.org/pipermail/centos-announce/2018-March/072286.html **Affected packages:** slf4j slf4j-javadoc slf4j-manual **Upstream details at:** https://access.redhat.com/errata/RHSA-2018:0592


Affected Package


OS OS Version Package Name Package Version
CentOS 7 slf4j 1.7.4-4.el7_4
CentOS 7 slf4j-javadoc 1.7.4-4.el7_4
CentOS 7 slf4j-manual 1.7.4-4.el7_4

Related