Alibaba Cloud detected the security vulnerability (CVE-2021-44228) about Apache Log4j2 and managed security risks at the earliest opportunity. For the affected cloud computers that use Ubuntu and CentOS images, WUYING Workspace has upgraded the images and fixed the vulnerability on December 30, 2021. For cloud computers that use Ubuntu and CentOS images and were created before December 30, 2021, we recommend that you apply the mitigation below to fix the vulnerability at the earliest opportunity.
Vulnerability details
Vulnerability ID: CVE-2021-44228
Severity: Critical
Affected cloud computer images:
Linux-Ubuntu-1804
Linux-Ubuntu-1804 vGPU
Linux-Ubuntu-2004
Linux-Ubuntu-2004 vGPU
Linux-CentOS-79
Linux-CentOS-79 vGPU
Security suggestions
If you created a cloud computer that used a Ubuntu or CentOS image on and before December 30, 2021, we recommend that you perform the following steps to fix the vulnerability:
Launch Terminal on the cloud computer.
Enter the following command in Terminal, and press the Enter key to run the command.
wget https://ecd-client.oss-cn-shanghai.aliyuncs.com/guest-env/scripts/fix_log4j2.sh && chmod +x fix_log4j2.sh && sudo ./fix_log4j2.sh