Yajiuma no Mori
To help gather information
In "Yajiuma no Mori", we will tell you about a wide range of topics that are not limited to news and reviews.
Documents compiled by NCSC-NL on GitHub
This week, the software industry was all about the remote code execution vulnerability (CVE-2021-44228, commonly known as Log4Shell) discovered in Apache Log4j. Some of our readers may have been (or are being chased by) gathering information and taking countermeasures.
For information about the "Log4Shell" vulnerability, you should first refer to the official page of "Log4j" and the security advisory of IPA (Information-technology Promotion Agency, Japan).
Also, there are announcements from cloud service companies, so please refer to them according to the service you are using.
See the news article below for advisories from major hardware vendors.
Related articleIntel, AMD, and NVIDIA announce the impact of the "Apache Log4j" vulnerability (Log4Shell)
If you want to quickly find out if the apps and services you are using will be affected, NCSC-NL (Dutch government cyber security center) has compiled them on GitHub. It is a topic that some documents are useful.
Nearly 1,900 well-known products are listed in table format with information on whether they are vulnerable or not, whether the issue has been fixed, and if so, the link to the source. . It seems that updates are actively being done, so it would be useful to check it. Mitigations and vulnerability scans are also summarized from the top of the repository.
Covering nearly 2,000 famous products