Log4j CVE-2021-44228 - vulnerability in MySQL hosts
Problem
I have a question regarding the Log4j vulnerability (CVE-2021-44228) in some of my MySQL hosts.
Even though I see it is not installed by MySQL, I wanted to confirm whether MySQL uses this package anyway for any of its features.
Is there a way to find out the list of applications that use a specific rpm package in RHEL?
If there is no dependency with MySQL, I can check with the application team for the fix.
Thanks
Solution
Your friends are probably `apt depends` and `apt rdepends`.

Running an `apt depends mysql-server` will start rolling up from MySQL:

```
root@servername:~# apt depends mysql-server
mysql-server
Depends: mysql-server-5.7
```

Running the same for `mysql-server-5.7` produces:

```
root@servername:~# apt depends mysql-server-5.7
mysql-server-5.7
PreDepends: adduser (>= 3.40)
PreDepends: debconf
PreDepends: mysql-common (>= 5.5)
Depends: bsdutils
bsdutils:i386
Depends: lsb-base (>= 3.0-10)
Depends: mysql-client-5.7 (>= 5.7.36-0ubuntu0.18.04.1)
Depends: mysql-common (>= 5.8+1.0.4~)
Depends: mysql-server-core-5.7 (= 5.7.36-0ubuntu0.18.04.1)
Depends: passwd
passwd:i386
Depends: perl (>= 5.6)
Depends: psmisc
psmisc:i386
|Depends: debconf (>= 0.5)
Depends: <debconf-2.0>
cdebconf
debconf
Depends: libc6 (>= 2.14)
Depends: libevent-core-2.1-6 (>= 2.1.8-stable)
Depends: libgcc1 (>= 1:3.0)
Depends: liblz4-1 (>= 0.0~r127)
Depends: libssl1.1 (>= 1.1.1)
Depends: libstdc++6 (>= 5.2)
Depends: zlib1g (>= 1:1.1.4)
Conflicts: <mysql-client-5.5>
Conflicts: <mysql-server-5.5>
Conflicts: <virtual-mysql-server>
percona-xtradb-cluster-server-5.7
mariadb-server-10.1
Breaks: <mysql-server-5.6> (<< 5.7)
Recommends: libhtml-template-perl
Suggests: <mailx>
bsd-mailx
mailutils
Suggests: tinyca
Replaces: <mysql-client-5.5>
Replaces: <mysql-server-5.5>
Replaces: <mysql-server-5.6> (<< 5.7)
Replaces: <virtual-mysql-server>
percona-xtradb-cluster-server-5.7
mariadb-server-10.1
mysql-server-5.7
```

So at first sight nothing there that would suggest that `log4j` is involved.

Let's try a reverse lookup using the syntax `apt rdepends`:

```
root@servername:~# apt rdepends mysql-server-5.7
mysql-server-5.7
Reverse Depends:
Depends: mysql-testsuite-5.7 (= 5.7.36-0ubuntu0.18.04.1)
Depends: mysql-server
Replaces: percona-xtradb-cluster-server-5.7
Breaks: percona-xtradb-cluster-server-5.7
Depends: mysql-testsuite-5.7 (= 5.7.21-1ubuntu1)
Conflicts: mariadb-server-core-10.1
Replaces: mariadb-server-10.1
Breaks: mariadb-server-10.1
Depends: mysql-server
|Depends: mythtv-backend-master
|Depends: mythtv
Replaces: percona-xtradb-cluster-server-5.7
Breaks: percona-xtradb-cluster-server-5.7
Depends: mysql-server
Conflicts: mariadb-server-core-10.1
Replaces: mariadb-server-10.1
Breaks: mariadb-server-10.1
Depends: default-mysql-server
```

Nothing there. So let's do the same for `log4j` with `depends`:

```
root@servername:~# apt depends *log4j*
liblog4j1.2-java
Suggests: liblog4j1.2-java-doc
Suggests: libmail-java
liblog4j2-java
Depends: liblightcouch-java
Depends: libmongodb-java
Suggests: liblog4j2-java-doc
Suggests: libcommons-compress-java
Suggests: libcommons-csv-java (>= 1.5)
Suggests: libconversant-disruptor-java (>= 1.2.11)
Suggests: libdisruptor-java (>= 3.3.7)
Suggests: libgeronimo-jms-1.1-spec-java
Suggests: libjackson2-core-java (>= 2.9.4)
Suggests: libjackson2-databind-java
Suggests: libjackson2-dataformat-xml-java
Suggests: libjackson2-dataformat-yaml (>= 2.8.10)
Suggests: libjansi-java (>= 1.16)
Suggests: libjcommander-java
Suggests: libjctools-java
Suggests: libjeromq-java
Suggests: libjpa-2.1-spec-java (>= 2.1.0)
Suggests: libmail-java (>= 1.6.1)
Suggests: libwoodstox-java (>= 4.1.3)
liblog4j1.2-java-doc
Depends: default-jdk-doc
liblog4j-extras1.2-java
Depends: libapache-pom-java (>= 18)
Depends: liblog4j1.2-java (>= 1.2.17)
Suggests: libgeronimo-jms-1.1-spec-java
Suggests: liblog4j-extras1.2-java-doc
liblog4j-extras1.2-java-doc
Recommends: default-jdk-doc
Recommends: liblog4j1.2-java-doc
Suggests: liblog4j-extras1.2-java
liblog4j2-java-doc
Depends: default-jdk-doc
Suggests: liblog4j2-java
node-log4js
Depends: nodejs (>= 0.10.0)
Depends: node-async (>= 0.1.15)
```

Looking good. And the reverse depends with `rdepends` looks good too:

```
root@servername:~# apt rdepends *log4j*
liblog4j1.2-java
Reverse Depends:
Depends: libzookeeper-java (>> 1.2.15-8)
Depends: mobile-atlas-creator
Recommends: libuima-core-java
Depends: libthrift-java
Suggests: libspring-core-java
Depends: libresteasy3.0-java
Suggests: libquartz-java (>= 1.2.17)
Depends: libopenjpa-java
Suggests: libnetty-java (>= 1.2.17)
Suggests: libnetty-3.9-java (>= 1.2.17)
Recommends: liblucene3-contrib-java
Depends: libjaxe-java
Suggests: libc3p0-java
Depends: libapacheds-java
Depends: libapache-poi-java
Depends: jftp
Suggests: ant-optional
Depends: activemq
Depends: jajuk
Depends: igv
Depends: umlet
Depends: pegasus-wms
Depends: natbraille
Depends: mobile-atlas-creator
Depends: logol
Depends: libdoxia-java (>= 1.2.17)
Suggests: libxbean-reflect-java
Suggests: libxbean-java (>= 1.2.17)
Depends: libvamsas-client-java
Recommends: libuima-core-java
Depends: libuima-as-java (>= 1.2.17)
Depends: libuima-addons-java (>= 1.2.17)
Depends: libthrift-java
Suggests: libspring-core-java
Suggests: libslf4j-java
Suggests: libquartz-java (>= 1.2.17)
Depends: libowasp-esapi-java (>= 1.2.17)
Depends: libopsin-java
Depends: libopenjpa-java
Suggests: libopenid4
```
Code Snippets
root@servername:~# apt depends mysql-server
mysql-server
Depends: mysql-server-5.7

root@servername:~# apt depends mysql-server-5.7
mysql-server-5.7
PreDepends: adduser (>= 3.40)
PreDepends: debconf
PreDepends: mysql-common (>= 5.5)
Depends: bsdutils
bsdutils:i386
Depends: lsb-base (>= 3.0-10)
Depends: mysql-client-5.7 (>= 5.7.36-0ubuntu0.18.04.1)
Depends: mysql-common (>= 5.8+1.0.4~)
Depends: mysql-server-core-5.7 (= 5.7.36-0ubuntu0.18.04.1)
Depends: passwd
passwd:i386
Depends: perl (>= 5.6)
Depends: psmisc
psmisc:i386
|Depends: debconf (>= 0.5)
Depends: <debconf-2.0>
cdebconf
debconf
Depends: libc6 (>= 2.14)
Depends: libevent-core-2.1-6 (>= 2.1.8-stable)
Depends: libgcc1 (>= 1:3.0)
Depends: liblz4-1 (>= 0.0~r127)
Depends: libssl1.1 (>= 1.1.1)
Depends: libstdc++6 (>= 5.2)
Depends: zlib1g (>= 1:1.1.4)
Conflicts: <mysql-client-5.5>
Conflicts: <mysql-server-5.5>
Conflicts: <virtual-mysql-server>
percona-xtradb-cluster-server-5.7
mariadb-server-10.1
Breaks: <mysql-server-5.6> (<< 5.7)
Recommends: libhtml-template-perl
Suggests: <mailx>
bsd-mailx
mailutils
Suggests: tinyca
Replaces: <mysql-client-5.5>
Replaces: <mysql-server-5.5>
Replaces: <mysql-server-5.6> (<< 5.7)
Replaces: <virtual-mysql-server>
percona-xtradb-cluster-server-5.7
mariadb-server-10.1
mysql-server-5.7

root@servername:~# apt rdepends mysql-server-5.7
mysql-server-5.7
Reverse Depends:
Depends: mysql-testsuite-5.7 (= 5.7.36-0ubuntu0.18.04.1)
Depends: mysql-server
Replaces: percona-xtradb-cluster-server-5.7
Breaks: percona-xtradb-cluster-server-5.7
Depends: mysql-testsuite-5.7 (= 5.7.21-1ubuntu1)
Conflicts: mariadb-server-core-10.1
Replaces: mariadb-server-10.1
Breaks: mariadb-server-10.1
Depends: mysql-server
|Depends: mythtv-backend-master
|Depends: mythtv
Replaces: percona-xtradb-cluster-server-5.7
Breaks: percona-xtradb-cluster-server-5.7
Depends: mysql-server
Conflicts: mariadb-server-core-10.1
Replaces: mariadb-server-10.1
Breaks: mariadb-server-10.1
Depends: default-mysql-server

root@servername:~# apt depends *log4j*
liblog4j1.2-java
Suggests: liblog4j1.2-java-doc
Suggests: libmail-java
liblog4j2-java
Depends: liblightcouch-java
Depends: libmongodb-java
Suggests: liblog4j2-java-doc
Suggests: libcommons-compress-java
Suggests: libcommons-csv-java (>= 1.5)
Suggests: libconversant-disruptor-java (>= 1.2.11)
Suggests: libdisruptor-java (>= 3.3.7)
Suggests: libgeronimo-jms-1.1-spec-java
Suggests: libjackson2-core-java (>= 2.9.4)
Suggests: libjackson2-databind-java
Suggests: libjackson2-dataformat-xml-java
Suggests: libjackson2-dataformat-yaml (>= 2.8.10)
Suggests: libjansi-java (>= 1.16)
Suggests: libjcommander-java
Suggests: libjctools-java
Suggests: libjeromq-java
Suggests: libjpa-2.1-spec-java (>= 2.1.0)
Suggests: libmail-java (>= 1.6.1)
Suggests: libwoodstox-java (>= 4.1.3)
liblog4j1.2-java-doc
Depends: default-jdk-doc
liblog4j-extras1.2-java
Depends: libapache-pom-java (>= 18)
Depends: liblog4j1.2-java (>= 1.2.17)
Suggests: libgeronimo-jms-1.1-spec-java
Suggests: liblog4j-extras1.2-java-doc
liblog4j-extras1.2-java-doc
Recommends: default-jdk-doc
Recommends: liblog4j1.2-java-doc
Suggests: liblog4j-extras1.2-java
liblog4j2-java-doc
Depends: default-jdk-doc
Suggests: liblog4j2-java
node-log4js
Depends: nodejs (>= 0.10.0)
Depends: node-async (>= 0.1.15)

root@servername:~# apt rdepends *log4j*
liblog4j1.2-java
Reverse Depends:
Depends: libzookeeper-java (>> 1.2.15-8)
Depends: mobile-atlas-creator
Recommends: libuima-core-java
Depends: libthrift-java
Suggests: libspring-core-java
Depends: libresteasy3.0-java
Suggests: libquartz-java (>= 1.2.17)
Depends: libopenjpa-java
Suggests: libnetty-java (>= 1.2.17)
Suggests: libnetty-3.9-java (>= 1.2.17)
Recommends: liblucene3-contrib-java
Depends: libjaxe-java
Suggests: libc3p0-java
Depends: libapacheds-java
Depends: libapache-poi-java
Depends: jftp
Suggests: ant-optional
Depends: activemq
Depends: jajuk
Depends: igv
Depends: umlet
Depends: pegasus-wms
Depends: natbraille
Depends: mobile-atlas-creator
Depends: logol
Depends: libdoxia-java (>= 1.2.17)
Suggests: libxbean-reflect-java
Suggests: libxbean-java (>= 1.2.17)
Depends: libvamsas-client-java
Recommends: libuima-core-java
Depends: libuima-as-java (>= 1.2.17)
Depends: libuima-addons-java (>= 1.2.17)
Depends: libthrift-java
Suggests: libspring-core-java
Suggests: libslf4j-java
Suggests: libquartz-java (>= 1.2.17)
Depends: libowasp-esapi-java (>= 1.2.17)
Depends: libopsin-java
Depends: libopenjpa-java
Suggests: libopenid4java-java
Suggests: libnetty-java (>= 1.2.17)
Suggests: libnetty-3.9-java (>= 1.2.17)
Depends: libmpj-java
Depends: libmime-util-java (>= 1.2.17)
Depends: libmavibot-java (>= 1.2.17)
Recommends: liblucene3-contrib-java
Depends: liblttng-ust-agent-java
Depends: liblog4j-extras1.2-java (>= 1.2.17)
Suggests: libjgroups-java
Depends: libjglobus-ssl-proxies-java
Recommends: libjenkins-json-java (>= 1.2.17)
Depends: libjaxe-java
Depends: libjas-java
Depends: libjaba-client-java
Depends: libgradle-android-plugin-java
Depends: libgmetrics-groovy-java
Depends: libexcalibur-logkit-java
Depends: libexcalibur-logger-java
Depends: eclipse-wtp-ws (>= 1.2.17-7ubuntu1)
Suggests: libcommons-logging-java
Depends: libcodenarc-groovy-java
Depends: libcdk-java
Suggests: libc3p0-java
Depends: libapache-poi-java
Depends: jftp
Depends: jets3t
Depends: jalview
Depends: iamcli
Depends: eclipse-wtp-xsl (>= 1.2.17-7ubuntu1)
Depends: activemq
Depends: davmail
Depends: artemis
Suggests: ant-optional
liblog4j2-java
Reverse Depends:
Suggests: libnetty-java (>= 2.10.0)
|Depends: jabref (>= 2.10.0-2)
Depends: jabref (<< 2.10)
|Depends: jabref (>= 2.10.0-2)
Suggests: libnetty-java (>= 2.8.2)
Suggests: liblog4j2-java-doc
Depends: libbiojava4.0-java
Depends: jabref (<< 2.10)
liblog4j1.2-java-doc
Reverse Depends:
Depends: libdoxia-java-doc
Suggests: liblog4j1.2-java
Depends: libowasp-esapi-java-doc
Suggests: liblog4j1.2-java
Recommends: liblog4j-extras1.2-java-doc
Recommends: libjenkins-json-java-doc
Recommends: libfreemarker-java-doc
liblog4j-extras1.2-java
Reverse Depends:
Suggests: liblog4j-extras1.2-java-doc
liblog4j-extras1.2-java-doc
Reverse Depen
Context
StackExchange Database Administrators Q#303863, answer score: 12
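
The manual `apt depends` walk in the answer above, automated as an added example (not part of the original answer): it follows only `Depends`/`PreDepends` edges transitively and reports any log4j package in the resulting closure. The function names `hard_deps`, `closure`, `pulls_in` and `sample_depends` are hypothetical, and the sample input is constructed and abridged from the listings on this page.

```shell
#!/bin/sh
# Added example: follow only the relations that actually install packages
# (Depends/PreDepends) and report log4j anywhere in the transitive closure.

# hard_deps: read `apt depends <pkg>`-style text on stdin, print hard dependencies.
hard_deps() {
    awk '/^[ |]*(Pre)?Depends:/ {
            sub(/^[ |]*(Pre)?Depends:[ ]*/, "")
            sub(/[ ]*\(.*$/, "")   # drop the version constraint
            gsub(/[<>]/, "")       # virtual packages are printed as <name>
            if ($0 != "") print
        }' | sort -u
}

# closure START LOOKUP: walk hard dependencies transitively. LOOKUP names a
# command that prints `apt depends` text for one package (sample_depends here).
closure() {
    lookup=$2 todo=$1 seen=" "
    while [ -n "$todo" ]; do
        pkg=${todo%% *}
        case $todo in *" "*) todo=${todo#* } ;; *) todo="" ;; esac
        case $seen in *" $pkg "*) continue ;; esac   # already visited
        seen="$seen$pkg "
        for dep in $("$lookup" "$pkg" | hard_deps); do
            todo="${todo:+$todo }$dep"
        done
    done
    printf '%s\n' $seen
}

# pulls_in START PATTERN LOOKUP: print closure members matching PATTERN;
# exit status 1 means nothing matched.
pulls_in() { closure "$1" "$3" | grep -E -- "$2"; }

# Constructed sample, abridged from the listings on this page.
sample_depends() {
    case $1 in
        mysql-server) printf '%s\n' "$1" 'Depends: mysql-server-5.7' ;;
        mysql-server-5.7) printf '%s\n' "$1" 'PreDepends: adduser (>= 3.40)' \
            'Depends: mysql-client-5.7 (>= 5.7.36-0ubuntu0.18.04.1)' \
            'Depends: perl (>= 5.6)' 'Recommends: libhtml-template-perl' \
            'Suggests: tinyca' ;;
        activemq) printf '%s\n' "$1" 'Depends: liblog4j1.2-java' ;;
        *) printf '%s\n' "$1" ;;
    esac
}

pulls_in mysql-server log4j sample_depends || echo "mysql-server: no log4j"
pulls_in activemq log4j sample_depends
```

On a live Debian or Ubuntu host, pass a wrapper such as `live_depends() { apt-cache depends "$1"; }` as the lookup command. Package metadata only covers log4j installed as a package; a copy bundled inside an application's own JAR files does not appear in `apt` or `rpm` dependency data.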