Log4J Sicherheitslücke beheben (CVE-2021-44228 / Log4Shell / Zero-Day / Remote Code Execution )

Um die Sicherheitslücke für Apache Solr 8.x zu schließen:

1. Umgebungsvariable setzen

export LOG4J_FORMAT_MSG_NO_LOOKUPS=true

2. Dateien ersetzen

Alte Dateien (in /opt/solr/server/lib/ext)

log4j-1.2-api-2.14.1.jar
log4j-api-2.14.1.jar
log4j-core-2.14.1.jar
log4j-slf4j-impl-2.14.1.jar
log4j-web-2.14.1.jar

ersetzen durch neue Dateien:

log4j-1.2-api-2.16.0.jar
log4j-api-2.16.0.jar
log4j-core-2.16.0.jar
log4j-slf4j-impl-2.16.0.jar
log4j-web-2.16.0.jar


3. Solr neu starten

service solr restart
/etc/init.d/solr restart

4. Remote Verbindungen blockieren

iptables -A INPUT -p tcp -s localhost --dport 8983 -j ACCEPT
iptables -A INPUT -p tcp --dport 8983 -j DROP

 

5. Apache Solr aktualisieren (sobald neue Version da ist)

Die letzte Version 8.11.0 ist nicht sicher(Stand 14.12.2021). Sobald 8.11.1 (oder höher) da ist, sollte man Solr aktualisieren.

 

Comments

Neuen Kommentar schreiben

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

Suche

Neueste Kommentare

  • 6 hours 53 minutes ago
    TypeError: Cannot assign null to property Drupal \ views \ Plugin \ views \ argument \ ArgumentPluginBase::$operator of type string

    Das geht auch:

          $this->operator = $break->operator ?? '' ;
  • 1 week 4 days ago
    Bootstrap 5 subtheme is not properly configured. This may be caused by a problem with file or directory permissions.
  • 6 hours 53 minutes ago
    TypeError: Cannot assign null to property Drupal \ views \ Plugin \ views \ argument \ ArgumentPluginBase::$operator of type string

    It works too:

    • web/core/modules/views/src/Plugin/views/argument/NumericArgument.php 

    Line 63, 96 :

  • 2 weeks 6 days ago
    Site URI : http://default (Drupal, how2 update config?)

    Add this line to drupalroot/vendor/drush/drush/drush.yml

    
    options:
         uri: 'https://www.example.com/'
    

     

    drush.yml looks like:

  • 1 month 3 weeks ago
    Webserver CPU Performance Test mit PHP

    Time: 0,19 

    CPU: AMD Ryzen 7 PRO 3700 8-Core Processor

  • 3 months 1 week ago
    TypeError: Cannot assign null to property Drupal \ views \ Plugin \ views \ argument \ ArgumentPluginBase::$operator of type string

    Line 63, 99 :

     -    $this->operator = $break->operator;
     +    if($break->operator){
     +        $this->operator = $break->operator;
     +    }

     

  • 4 months 1 week ago
    Drupal + Basic_Auth Problem : You do not have permission to access this page (Sie haben keine Zugriffsberechtigung für diese Seite. )

    My problem was:

  • 4 months 1 week ago
    Drupal Upgrade (Drupal 9 » Drupal 10)

    I had this exact issue and your site was the only place I found the fix.

    It'd be nice if the module developer applied your fix though.

    Good work! Much appreciated!

  • 5 months 2 weeks ago
    The datasource with ID 'elstut--entity:node' could not be retrieved for index (Drupal, Solr)

    Hier ist die Lösung. (/admin/config/search/search-api/server/solr_server/edit)

    Multisite-Kompatibilität
     + Nur Ergebnisse von dieser Seite beziehen
     

  • 5 months 2 weeks ago
    PDOException: SQLSTATE[40001]: Serialization failure: 1213 Deadlock found when trying to get lock

     

    Ich bekomme diese Fehlermeldung: