OPENSUSE-SU-2022:0226-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 28 Jan 2022, 16:22
Last modified:04 Feb 2026, 03:52
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
28 Jan 2022, 16:22
Published
Vulnerability first disclosed
04 Feb 2026, 03:52
Last Modified
Vulnerability information updated
Description
Security update for log4j12 This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. (bsc#1194844) - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. (bsc#1194843) - CVE-2022-23302: Fix remote code execution by removing src/main/java/org/apache/log4j/net/JMSSink.java. (bsc#1194842)
Affected Systems
- opensuse•log4j12&distro=openSUSE Leap 15.3
< 1.2.17-4.9.1
References (8)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/543MEJC5CUZO2UZUL4R43HGV5KUNNJ4U/
- https://bugzilla.suse.com/1193184
- https://bugzilla.suse.com/1194842
- https://bugzilla.suse.com/1194843
- https://bugzilla.suse.com/1194844
- https://www.suse.com/security/cve/CVE-2022-23302
- https://www.suse.com/security/cve/CVE-2022-23305
- https://www.suse.com/security/cve/CVE-2022-23307