August Third Party Package updates in Splunk Enterprise and Universal Forwarders
Advisory ID: SVD-2022-0804
Published: 2022-08-16
Last Update: 2022-08-16
Description
Splunk Enterprise and Universal Forwarders remedied multiple CVEs in Third Party Packages in versions 8.1.11, 8.2.7.1, and 9.0.1 and Splunk Cloud Platform with version 9.0.2205, including the following:
| CVE | Package | Remediation | Severity |
|---|---|---|---|
| CVE-2022-2068 | OpenSSL1.0.2 | Upgraded to OpenSSL 1.0.2zf | Informational |
| CVE-2021-3541 | libxml2 | Applied patch | Medium |
| CVE-2022-29824 | libxml2 | Applied patch | Medium |
| CVE-2022-29824 | libxml2 | Applied patch | Medium |
Solution
For Splunk Enterprise and Universal Forwarders, upgrade to 8.1.11, 8.2.7.1, 9.0.1, or higher.
For Splunk Cloud Platform customers, Splunk is actively patching and monitoring Splunk Cloud instances.
Severity
CVE-2022-2068
Splunk Enterprise and Universal Forwarders do not include the rehash or c_rehash functionality. However, out of an abundance of caution, Splunk upgraded OpenSSL to 1.0.2zf.
CVE-2021-3541
Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
CVE-2022-209824
Splunk adopted NVD’s scoring of 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
CVE-2022-23308
Splunk adopted a severity in line with NVD’s scoring of CVE-2022-209824 and CVE-2021-3541. Splunk rates CVE-2022-233089 as 6.5, Medium with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.