Fwd: AMMRL: log4j and Topspin

From: Walter Niemczura <walt_at_hawaii.edu>
Date: Wed, 22 Dec 2021 08:53:10 -1000

---------- Forwarded message ---------
> From: AMMRL List <ammrlrev_at_webserver2.chem.hawaii.edu>
> Date: Wed, Dec 22, 2021 at 8:42 AM
> Subject: Re: AMMRL: log4j and Topspin
> To: Vander Velde, David <davidv_at_caltech.edu>, ammrl <ammrl_at_ammrl.org>

Dear David

We are aware of the issue and have already published a patch. It is one
patch for each operating system for all affected versions of Topspin. Only
Topspin 3.6.x and Topspin 4.x.x are affected. Older versions of Topspin are
ok.

It can be downloaded from here.
https://www.bruker.com/en/services/software-downloads/log4j-update.html

Best regards

Clemens




On 12/20/2021 6:00 PM, AMMRL List wrote:

I ran a shell script (https://github.com/rubo77/log4j_checker_beta) on my
CentOS 7 workstations and found that log4j is used quite extensively in
Topspin and there are quite a few log4j files to be found in the Topspin
tree.

Perhaps someone who has a better understanding of the recently discovered
vulnerabilities might be able to answer: does Topspin use the system level
log4j provided by log4j-1.2.17-16.el7_4.noarch.rpm, or is it embedded in
Topspin in a way that is not affected by changes/patches at the system
level? Does Topspin represent a security hole?

David VanderVelde

Manager, Liquids NMR Facility, Caltech

davidv_at_caltech.edu
-- 
==========================================================
Clemens Anklin Ph.D.   Vice President
Bruker BioSpin   NMR Applications & Training
15 Fortune Drive Phone: 978 667 9580 ext 5144
Billerica MA 01821 twitter: _at_canklin <https://twitter.com/canklin>
web: www.bruker.com <http://www.bruker.com/mr>   e-mail:
clemens.anklin_at_bruker.com
==========================================================
Received on Wed Dec 22 2021 - 08:53:28 MST
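
An added example, not part of the original thread and not code from Bruker or the log4j_checker_beta project: one way to check whether an application tree bundles its own log4j copies, which a system-level RPM update would not touch. It assumes Python 3, identifies log4j by class paths inside each archive (including archives nested in other archives), and reads the version from the file name only, so a renamed JAR reports no version.

```python
import io
import os
import re
import sys
import zipfile
from pathlib import Path

ARCHIVE_EXT = (".jar", ".war", ".ear")
CORE_PREFIX = "org/apache/logging/log4j/core/"        # log4j 2.x core classes
JNDI_CLASS = CORE_PREFIX + "lookup/JndiLookup.class"  # JNDI lookup class in 2.x core
V1_CLASS = "org/apache/log4j/Logger.class"            # log4j 1.x marker class
NAME_RE = re.compile(r"log4j(?:-core)?-(\d+(?:\.\d+)+)", re.I)

def inspect_archive(source, label, findings):
    """Record log4j classes found in one archive, then recurse into nested ones."""
    try:
        zf = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        return  # not a readable ZIP; skip it
    with zf:
        names = set(zf.namelist())
        if any(n.startswith(CORE_PREFIX) for n in names):
            generation = "2.x"
        elif V1_CLASS in names:
            generation = "1.x"
        else:
            generation = None
        if generation:
            m = NAME_RE.search(os.path.basename(label.rsplit("!", 1)[-1]))
            findings.append({
                "path": label,
                "generation": generation,
                "name_version": m.group(1) if m else None,  # from file name only
                "jndi_lookup": JNDI_CLASS in names,
            })
        for n in sorted(names):
            if n.lower().endswith(ARCHIVE_EXT):
                inspect_archive(io.BytesIO(zf.read(n)), f"{label}!{n}", findings)

def scan_tree(root):
    """Walk an install tree and return one finding per archive bundling log4j."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in ARCHIVE_EXT:
            inspect_archive(p, str(p), findings)
    return findings

if __name__ == "__main__":
    for f in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['generation']:4} name_version={f['name_version']} "
              f"JndiLookup={'yes' if f['jndi_lookup'] else 'no'}  {f['path']}")
```

Run it with the application's install directory as the argument; any hit under that directory is a bundled copy that has to be fixed by the vendor's patch rather than by the operating system's package manager.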

This archive was generated by hypermail 2.4.0 : Wed Oct 25 2023 - 14:53:36 MST