{"id":"USN-7616-1","summary":"logback vulnerabilities","details":"It was discovered that logback could read malicious configuration files\nfrom LDAP servers. An attacker with the required permissions could possibly\nuse this issue to execute arbitrary code. This issue only affected Ubuntu\n16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-42550)  It was\ndiscovered that logback contained a serialization vulnerability. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2023-6378)","modified":"2026-05-20T16:03:46.318248082Z","published":"2025-07-02T18:53:34Z","related":["UBUNTU-CVE-2021-42550","UBUNTU-CVE-2023-6378"],"upstream":["CVE-2021-42550","CVE-2023-6378","UBUNTU-CVE-2021-42550","UBUNTU-CVE-2023-6378"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7616-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-42550"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-6378"}],"affected":[{"package":{"name":"logback","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/logback?arch=source&distro=esm-infra-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.3-2ubuntu0.1~esm1"}]}],"versions":["1:1.1.3-2"],"ecosystem_specific":{"binaries":[{"binary_version":"1:1.1.3-2ubuntu0.1~esm1","binary_name":"liblogback-java"}],"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7616-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"logback","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/logback?arch=source&distro=esm-apps%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.2.3-2ubuntu1~18.04.1+esm1"}]}],"versions":["1:1.1.9-4","1:1.1.9-5","1:1.2.3-2","1:1.2.3-2ubuntu1~18.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"liblogback-java","binary_version":"1:1.2.3-2ubuntu1~18.04.1+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7616-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-42550"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-6378"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"logback","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/logback?arch=source&distro=esm-apps%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.2.3-5ubuntu0.1~esm1"}]}],"versions":["1:1.2.3-5"],"ecosystem_specific":{"binaries":[{"binary_version":"1:1.2.3-5ubuntu0.1~esm1","binary_name":"liblogback-java"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7616-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-42550"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-6378"}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"logback","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/logback?arch=source&distro=esm-apps%2Fjammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.2.10-1ubuntu0.1~esm1"}]}],"versions":["1:1.2.3-6","1:1.2.7-1","1:1.2.8-1","1:1.2.9-1","1:1.2.10-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:1.2.10-1ubuntu0.1~esm1","binary_name":"liblogback-java"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7616-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-6378"}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}}],"schema_version":"1.7.5"}