How do i go about patching? I can’t find anything easily explained in common english. I am not a server or systems admin like a lot of you are. I am new to linux and am very frustrated with trying to figure out how to patch this vulnerability.
Everything is vague and meant for people who have experience with this kind of thing.
To be clear, only the server side is in trouble? Are clients and client programs relatively safe or are we all just ultimately F***ed up because by nature of the vulnerability residing in a server, the servers will eventually pwn all of us as well?
Comes down to what generates (and then validates) logs, surely?
And that could be any number of services?
I don’t run a website, not even a personal blog, but things like cockpit, steam client, filezilla etc, all potentially log stuff. IF
any of them use log4j, a bad string in an error might cause it. but I just gotta hope any apps get patched before exploited. Or, I could run open software, and actually check source code… but I am too smoothbarined for that…
I will be happily corrected, (very grateful) but if a bad actor can a- generate an error, and b- get the string passed to the error, I’m a bit stumped.