Hello, welcome to the Wednesday, April 20th, 2020 edition of the Sands and at Storm Center's

Stormcast. My name is Johannes Ulrich, and then I'm recording from Mary Esther, Florida.

Today I wrote up a quick post on how to deal with Linux systems that are using the U-boot bootloader.

U-boot is an alternative to crop.

It's often used for better devices, switches and the like.

So if you ever find yourself like I did to have to reset a password on a system using U-boot instead of Krupp.

You may find the post helpful.

Also, quick reminder here.

The reason I did this was for a net optics matrix switch that I got used at a good price,

and well, it still held logs back to 2008 in this case the logs also

included passwords and such so before you resell devices like this please go ahead and reset them

and today was oracle's critical patch update or a CPU CPU as Oracle abbreviates it for the quarter.

This quarter Oracle fixed a total of 520 different vulnerabilities across all of its products.

One vulnerability in particular stuck out and that was log 4j.

I did a quick search on their summary and found 110 mentions of Log 4J.

Of course, there are less vulnerabilities like this.

Sometimes log for j is just mentioned as a comment or such, but I would say it's fair to guess

that there are about 80 to 100

vulnerabilities that are Log 4J related. Not all of them are critical based on the exploitability

of the individual vulnerabilities, but for example, there is a 9.8 CVSS score vulnerability

related to Log 4J in Oracle's healthcare repository.

So if you use any kind of Oracle products, this includes Java, this includes things like

...