VITEC is actively responding to the latest major vulnerability detected in Apache Web Servers for Linux, code named “Log4Shell.” This vulnerability has been discovered in Apache Log4j 2 (an open source Java package) and can be exploited to enable remote code execution on Linux servers. NOTE: This vulnerability is not impacting the newer version of Apache Log4j (version 2.15).
Below is the list of affected product/s. We have issued a security hot-fix which is currently being validated and is expected to be available for by Friday, December 17, 2022.
Due to the severity of this vulnerability and the broad circulation of the exploited code, VITEC is strongly recommending that this security patch is applied as soon as it is available.
|Part Number||Product Name||Product Version|
|17448||EZ TV VOD-ML (Physical Server)||8.1.0.x , 8.1.1.x , 8.1.5.x|
|17447||EZ TV VOD-ML (Virtual Server)||8.1.0.x , 8.1.1.x , 8.1.5.x|
|18257||EZ TV VOD (Physical Server)||8.1.0.x , 8.1.1.x , 8.1.5.x|
|18258||EZ TV VOD (Virtual Server)||8.1.0.x , 8.1.1.x , 8.1.5.x|
Please login to the VITEC Helpdesk and request a support ticket if impacted by the Log4Shell vulnerability. The VITEC Support Team will provide the necessary security hot-fix package and information how to apply once available.
At the link below it is possible to download a PDF version of this announcement