==========================================================================
Ubuntu Security Notice USN-7616-1
July 02, 2025

logback vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in logback.

Software Description:
- logback: A reliable, generic, fast and flexible logging library for Java

Details:

It was discovered that logback could read malicious configuration files
from LDAP servers. An attacker with the required permissions could possibly
use this issue to execute arbitrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-42550)  It was
discovered that logback contained a serialization vulnerability. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-6378)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  liblogback-java                 1:1.2.10-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  liblogback-java                 1:1.2.3-5ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  liblogback-java                 1:1.2.3-2ubuntu1~18.04.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  liblogback-java                 1:1.1.3-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7616-1
  CVE-2021-42550, CVE-2023-6378