Recommended update for log4j

Announcement ID: SUSE-RU-2022:0846-1
Rating: moderate
References:
Affected Products:
  • Basesystem Module 15-SP3
  • Development Tools Module 15-SP3
  • SUSE Linux Enterprise Desktop 15 SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise Real Time 15 SP2
  • SUSE Linux Enterprise Real Time 15 SP3
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Manager Proxy 4.2
  • SUSE Manager Retail Branch Server 4.2
  • SUSE Manager Server 4.2

An update that contains one feature can now be installed.

Description:

This update ships log4j 2.17.1 to the SUSE Linux Enterprise Basesystem module. (jsc#SLE-23508)

  • Removed alias log4j:log4j from log4j-1.2-api, since it is not a drop-in replacement

Update to 2.17.1.

Fixed bugs:

  • JdbcAppender now uses JndiManager to access JNDI resources. JNDI is only enabled when system property log4j2.enableJndiJdbc is set to true.
  • Remove unused method.
  • ExtendedLoggerWrapper.logMessage no longer double-logs when location is requested.
  • log4j-to-slf4j no longer re-interpolates formatted message contents.
  • Correct SpringLookup package name in Interpolator.
  • log4j-to-slf4j takes the provided MessageFactory into account.
  • Fix MapLookup to lookup MapMessage before DefaultMap.
  • Buffered I/O check had inverted logic in RollingFileAppenderBuilder.
  • Fix NPE when input is null in StrSubstitutor.replace(String, Properties).
  • Lookups with no prefix only read values from the configuration properties as expected.
  • Reduce ignored package scope of KafkaAppender.
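
With this update JNDI in JdbcAppender is an explicit opt-in, so after patching it is useful to know which JVMs on a host set that property. The script below is an added example (not part of the SUSE advisory or of log4j) that scans process command lines for it. The input format, function names, sample PIDs and paths, and the last-`-D`-wins and case-insensitive `true` handling are assumptions of the example.

```shell
#!/bin/sh
# Added example: find JVMs that opt in to JNDI for JdbcAppender.
# Assumed input: one process per line, "<pid> <command line>",
# as printed on a live host by:  ps -eo pid=,args=

PROP='log4j2.enableJndiJdbc'   # property name as given in the advisory

# Print the effective value of the property for one command line,
# or nothing if it is never set.
# Assumption: when the same -D option is repeated, the last one wins.
effective_value() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | awk -v key="-D$PROP" '
        $0 == key               { val = ""; seen = 1; next }   # -Dkey, no value
        index($0, key "=") == 1 { val = substr($0, length(key) + 2); seen = 1 }
        END { if (seen) print val }'
}

# Succeed only when the effective value is "true".
# Assumption: the value is compared case-insensitively.
jndi_jdbc_enabled() {
    v=$(effective_value "$1" | tr '[:upper:]' '[:lower:]')
    [ "$v" = "true" ]
}

# Read "<pid> <cmdline>" lines on stdin; print the PID of each opt-in process.
scan_cmdlines() {
    while read -r pid cmd; do
        [ -n "$pid" ] || continue
        if jndi_jdbc_enabled "$cmd"; then
            printf '%s\n' "$pid"
        fi
    done
}

# Constructed sample input (not captured from a real system).
SAMPLE='1201 java -Dlog4j2.enableJndiJdbc=true -jar /opt/app/a.jar
1202 java -Xmx1g -jar /opt/app/b.jar
1203 java -Dlog4j2.enableJndiJdbc=true -Dlog4j2.enableJndiJdbc=false -jar c.jar
1204 java -Dlog4j2.enableJndiJdbc=TRUE -jar d.jar
1205 java -Dlog4j2.enableJndiJdbcX=true -jar e.jar'

# 1201 and 1204 opt in; 1203 is overridden to false; 1205 is a different key.
printf '%s\n' "$SAMPLE" | scan_cmdlines
```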

Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  • Basesystem Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-846=1
  • Development Tools Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-846=1
  • SUSE Linux Enterprise Real Time 15 SP2
    zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-846=1

Package List:

  • Basesystem Module 15-SP3 (noarch)
    • jackson-core-2.10.2-3.2.1
    • jackson-databind-2.10.5.1-3.5.1
    • log4j-2.17.1-4.20.1
    • log4j-slf4j-2.17.1-4.20.1
    • jackson-annotations-2.10.2-3.2.1
    • log4j-jcl-2.17.1-4.20.1
    • jackson-databind-javadoc-2.10.5.1-3.5.1
    • jackson-annotations-javadoc-2.10.2-3.2.1
    • log4j-javadoc-2.17.1-4.20.1
    • jackson-core-javadoc-2.10.2-3.2.1
  • Development Tools Module 15-SP3 (noarch)
    • jackson-core-2.10.2-3.2.1
    • jackson-annotations-2.10.2-3.2.1
    • jackson-databind-2.10.5.1-3.5.1
  • SUSE Linux Enterprise Real Time 15 SP2 (noarch)
    • jackson-core-2.10.2-3.2.1
    • jackson-annotations-2.10.2-3.2.1
    • jackson-databind-2.10.5.1-3.5.1
