I ran a shell script (
https://github.com/rubo77/log4j_checker_beta) on my
CentOS 7 workstations and found that log4j is used quite extensively in
Topspin and there are quite a few log4j files to be found in the Topspin tree.
Perhaps someone who has a better understanding of the recently discovered
vulnerabilities might be able to answer: does Topspin use the system level
log4j provided by log4j-1.2.17-16.el7_4.noarch.rpm, or is it embedded in
Topspin in a way that is not affected by changes/patches at the system level?
Does Topspin represent a security hole?
David VanderVelde
Manager, Liquids NMR Facility, Caltech
davidv_at_caltech.edu
Received on Mon Dec 20 2021 - 13:00:28 MST