Ubuntu Security Notice 5222-1 - It was discovered that Apache Log4j 2 was vulnerable to remote code execution attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. Continue reading...