ADA cloud: important vulnerability issue

Error message

Deprecated function: unserialize(): Passing null to parameter #1 ($data) of type string is deprecated in css_injector_init() (line 53 of /prod_service02/web-prod/hpc-web/sites/all/modules/css_injector/css_injector.module).

14/12/2021

Dear CINECA cloud Users,

this is to inform you about an important vulnerability issue about log4j
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

If you are a system administrator of one or more VMs in our HPC cloud and if you are using:
- Apache log4j2 version < 2.15.0
- JRE (java runtime environment) version < 8u121
- any message logger which uses sensitive information

please check if this vulnerability concerns your VMs.
In this case, please apply the following actions:

- update Apache log4j2 to version >= 2.15.0
- update JRE to version >= 8u121
- if the previous actions are not possible, set the System Property "-Dlog4j2.formatMsgNoLookups=true"

Best regards,
HPC User Support @CINECA

Menu utility

Main menu

News

Help desk

Center news

ERRATA CORRIGE: LEONARDO scratch storage upgrade on November 22

LEONARDO scratch storage upgrade on November 21

EuroHPC User Day

MARCONI back to production

You are here

ADA cloud: important vulnerability issue

Error message

Menu utility

Search form

Main menu

News

Help desk

Center news

ERRATA CORRIGE: LEONARDO scratch storage upgrade on November 22

LEONARDO scratch storage upgrade on November 21

EuroHPC User Day

MARCONI back to production

You are here

ADA cloud: important vulnerability issue

Error message