Home / mailingsPDF  

[USN-7616-1] logback vulnerabilities

Posted on 03 July 2025
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-7616-1
July 02, 2025

logback vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in logback.

Software Description:
- logback: A reliable, generic, fast and flexible logging library for Java

Details:

It was discovered that logback could read malicious configuration files
from LDAP servers. An attacker with the required permissions could possibly
use this issue to execute arbitrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-42550) It was
discovered that logback contained a serialization vulnerability. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-6378)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
liblogback-java 1:1.2.10-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
liblogback-java 1:1.2.3-5ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
liblogback-java 1:1.2.3-2ubuntu1~18.04.1+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
liblogback-java 1:1.1.3-2ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7616-1
CVE-2021-42550, CVE-2023-6378

--===============9029550056961967597==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP