Security : Log4j vulnerability

[pcar75]

Bonjour,
Does any part of your systems (client, server, directory server ; libraries, framework, etc.) uses Log4j ?
Thanks for any info !

[rdica]

@pcar75 I don't see it as a build or runtime dependency for the jamulus executable in linux:

ldd /home/ardy/src/jamulus-r3_8_1/jamulus
	linux-vdso.so.1 (0x00007fffbe1f2000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa212dba000)
	libQt5Network.so.5 => /lib64/libQt5Network.so.5 (0x00007fa212c01000)
	libQt5Xml.so.5 => /lib64/libQt5Xml.so.5 (0x00007fa212bba000)
	libQt5Core.so.5 => /lib64/libQt5Core.so.5 (0x00007fa212630000)
	libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007fa212411000)
	libm.so.6 => /lib64/libm.so.6 (0x00007fa2122cd000)
	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fa2122b0000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fa2120e1000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fa212deb000)
	libz.so.1 => /lib64/libz.so.1 (0x00007fa2120c7000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fa2120c0000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fa212069000)
	libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007fa211fcc000)
	libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007fa211cdc000)
	libsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007fa211c18000)
	libicui18n.so.67 => /lib64/libicui18n.so.67 (0x00007fa21190c000)
	libicuuc.so.67 => /lib64/libicuuc.so.67 (0x00007fa21171f000)
	libpcre2-16.so.0 => /lib64/libpcre2-16.so.0 (0x00007fa211696000)
	libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007fa21155c000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fa21147c000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fa211464000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fa21145d000)
	libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fa21144c000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fa211445000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fa21142b000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fa21141e000)
	liblzma.so.5 => /lib64/liblzma.so.5 (0x00007fa2113f2000)
	libzstd.so.1 => /lib64/libzstd.so.1 (0x00007fa2112fc000)
	liblz4.so.1 => /lib64/liblz4.so.1 (0x00007fa2112d8000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fa2112ce000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa2112a2000)
	libgcrypt.so.20 => /lib64/libgcrypt.so.20 (0x00007fa211164000)
	libicudata.so.67 => /lib64/libicudata.so.67 (0x00007fa20f64b000)
	libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fa20f5d3000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fa20f53c000)
	libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x00007fa20f516000)

Given its a logging framework for java, it's possible that any web based services, or any part of the build pipeline may have a dependency on log4j.

[ghost]

Jamulus has nothing to do with Java.

Also try:
locate -ibe log4
On your linux system.