[prev in list] [next in list] [prev in thread] [next in thread]
List: gpg4win-users-en
Subject: [Gpg4win-users-en] No Java -> Gpg4win immune against any Apache Log4j Vulnerabilities
From: Bernhard Reiter <bernhard () intevation ! de>
Date: 2021-12-17 11:29:08
Message-ID: 202112171229.21248.bernhard () intevation ! de
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Hello,
Gpg4win and the components coming with it, including the installer,
do _not_ use Java.
So we believe Gpg4win to be immune against any vulnerabilities
in the Java logging library Apache Log4j.
Background:
A number of vulnerabilities in the popular logging library
for Java applications have let to an IT emergency
as they are considered a 10.0/10 "critical" CVSS 3
remote exploitable, remote execution defect.
In the wide assessment of IT security, we are getting a few
general questions about the use of this library.
As Gpg4win does not use it, we are fine.
Best Regards
Bernhard
Links:
CVE-2021-44228 CVE-2021-45046
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
https://blogs.apache.org/foundation/entry/apache-log4j-cves
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
["signature.asc" (application/pgp-signature)]
[Attachment #6 (text/plain)]
_______________________________________________
Gpg4win-users-en mailing list
Gpg4win-users-en@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic