SUSE alert openSUSE-SU-2026:10544-1 (log4j) [LWN.net]


From:
               null@suse.de
To:
               security-announce@lists.opensuse.org
Subject:
               openSUSE-SU-2026:10544-1: moderate: log4j-2.20.0-2.1 on GA media
Date:
               Wed, 15 Apr 2026 17:37:35 +0200
Message-ID:
               <20260415153735.A9159FD57@maintenance.suse.de>
Archive-link:
               Article
# log4j-2.20.0-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10544-1
Rating: moderate

Cross-References:

  * CVE-2026-34477
  * CVE-2026-34479
  * CVE-2026-34480
  * CVE-2026-34481



CVSS scores:

  * CVE-2026-34477 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
  * CVE-2026-34479 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-34480 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  * CVE-2026-34481 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

  * openSUSE Tumbleweed


An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the log4j-2.20.0-2.1 package on the GA media of openSUSE
Tumbleweed.

## Package List:

  * openSUSE Tumbleweed:
    * log4j 2.20.0-2.1
    * log4j-bom 2.20.0-2.1
    * log4j-javadoc 2.20.0-2.1
    * log4j-jcl 2.20.0-2.1
    * log4j-jmx-gui 2.20.0-2.1
    * log4j-nosql 2.20.0-2.1
    * log4j-slf4j 2.20.0-2.1
    * log4j-taglib 2.20.0-2.1
    * log4j-web 2.20.0-2.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-34477.html
  * https://www.suse.com/security/cve/CVE-2026-34479.html
  * https://www.suse.com/security/cve/CVE-2026-34480.html
  * https://www.suse.com/security/cve/CVE-2026-34481.html

From:		null@suse.de
To:		security-announce@lists.opensuse.org
Subject:		openSUSE-SU-2026:10544-1: moderate: log4j-2.20.0-2.1 on GA media
Date:		Wed, 15 Apr 2026 17:37:35 +0200
Message-ID:		<20260415153735.A9159FD57@maintenance.suse.de>
Archive-link:		Article