Church IT Network

CVE-2021-44228 (log4j) - Vendor Responses

Technology Security

codatory (Alex Conner) December 10, 2021, 7:39pm 1

This is a thread to track vendor responses and updates for CVE-2021-44228.

General discussion can take place over on CVE-2021-44228 (log4j) Vulnerability Discussion.

codatory (Alex Conner) December 10, 2021, 7:46pm 2

UniFi Controller Update Released

https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1

codatory (Alex Conner) December 10, 2021, 8:55pm 3

VMWare Response

https://kb.vmware.com/s/article/87068

tlphipps (Travis Phipps) December 11, 2021, 12:49am 4

Anybody know HostiFi’s plan/schedule for updates? Never know where to look for updates and info from them.

codatory (Alex Conner) December 11, 2021, 1:11am 5

Already done at HostiFi

1 Like

willpolley (Will Polley) December 11, 2021, 3:48pm 6

I did a quick gander around for a PaperCut response, but didn’t find anything.

Anyone know if they are using log4j?

Nvm. I’m bad at Google on Saturdays.

https://www.papercut.com/support/known-issues/#ng

Edit #2… Here’s PaperCut’s KB with links to workaround and a hotpatch. Log4Shell (CVE-2021-44228) - How is PaperCut Affected? | PaperCut

wantmoore (Justin Moore) December 11, 2021, 7:04pm 7

JAMF has released an update. https://docs.jamf.com/10.34.1/jamf-pro/release-notes/Whats_New_in_This_Release.html

codatory (Alex Conner) December 11, 2021, 10:13pm 8

https://www.papercut.com/support/known-issues/?id=PO-684

Affected and have a mitigation posted.

benfifield (Ben Fifield) December 12, 2021, 2:31pm 9

VMware has posted instructions for applying the “formatMsgNoLookups” mitigation to most of their affected products: VMSA-2021-0028.1 (vmware.com)

codatory (Alex Conner) December 12, 2021, 3:55pm 10

The Big Book of Vendor Responses:

gist.github.com

https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

20211210-TLP-WHITE_LOG4J.md

Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)

## Errors, typos, something to say ?
  - If you want to add a link, comment or send it to me
  - Feel free to report any mistake directly below in the comment or in DM on Twitter [@SwitHak](https://twitter.com/SwitHak)

# A
## Akamai : https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability
## Apache Druid : https://github.com/apache/druid/pull/12051
## Apache Flink : https://flink.apache.org/2021/12/10/log4j-cve.html

This file has been truncated. show original

1 Like

jmcilhargey1 (James McIlhargey) December 13, 2021, 3:17pm 11

Here is official link for PaperCut patch.

https://www.papercut.com/support/known-issues/?id=PO-684#mf