June Third Party Package Updates in Splunk Enterprise

Advisory ID: SVD-2023-0613

CVE ID: Multiple

Published: 2023-06-01

Last Update: 2023-06-01

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in Splunk Enterprise versions 8.1.14, 8.2.11, and 9.0.5, including the following:

| Package | Remediation | CVE |
| --- | --- | --- |
| libxml2 | Patched | CVE-2022-40303 |
| libxml2 | Patched | CVE-2022-40304 |
| OpenSSL 1.0.2 | Upgraded to 1.0.2zg | CVE-2023-0286 |
| OpenSSL 1.0.2 | Upgraded to 1.0.2zg | CVE-2023-0215 |
| OpenSSL 1.0.2 | Upgraded to 1.0.2zg | CVE-2022-4304 |
| curl | Upgraded to 8.0.1 | CVE-2023-27538 |
| curl | Upgraded to 8.0.1 | CVE-2023-27537 |
| curl | Upgraded to 8.0.1 | CVE-2023-27536 |
| curl | Upgraded to 8.0.1 | CVE-2023-27535 |
| curl | Upgraded to 8.0.1 | CVE-2023-27534 |
| curl | Upgraded to 8.0.1 | CVE-2023-27533 |
| curl | Upgraded to 8.0.1 | CVE-2023-23916 |
| curl | Upgraded to 8.0.1 | CVE-2023-23915 |
| curl | Upgraded to 8.0.1 | CVE-2023-23914 |
| curl | Upgraded to 8.0.1 | CVE-2022-43552 |
| curl | Upgraded to 8.0.1 | CVE-2022-43551 |
| curl | Upgraded to 8.0.1 | CVE-2022-42916 |
| curl | Upgraded to 8.0.1 | CVE-2022-42915 |
| curl | Upgraded to 8.0.1 | CVE-2022-35260 |
| curl | Upgraded to 8.0.1 | CVE-2022-32221 |
| curl | Upgraded to 8.0.1 | CVE-2022-35252 |
| curl | Upgraded to 8.0.1 | CVE-2022-32208 |
| curl | Upgraded to 8.0.1 | CVE-2022-32207 |
| curl | Upgraded to 8.0.1 | CVE-2022-32206 |
| curl | Upgraded to 8.0.1 | CVE-2022-32205 |
| curl | Upgraded to 8.0.1 | CVE-2022-30115 |
| curl | Upgraded to 8.0.1 | CVE-2022-27782 |
| curl | Upgraded to 8.0.1 | CVE-2022-27781 |
| curl | Upgraded to 8.0.1 | CVE-2022-27780 |
| curl | Upgraded to 8.0.1 | CVE-2022-27779 |
| curl | Upgraded to 8.0.1 | CVE-2022-27778 |
| curl | Upgraded to 8.0.1 | CVE-2022-27776 |
| curl | Upgraded to 8.0.1 | CVE-2022-27775 |
| curl | Upgraded to 8.0.1 | CVE-2022-27774 |
| curl | Upgraded to 8.0.1 | CVE-2022-22576 |
| curl | Upgraded to 8.0.1 | CVE-2021-22947 |
| curl | Upgraded to 8.0.1 | CVE-2021-22946 |
| curl | Upgraded to 8.0.1 | CVE-2021-22945 |
| curl | Upgraded to 8.0.1 | CVE-2021-22926 |
| curl | Upgraded to 8.0.1 | CVE-2021-22925 |
| curl | Upgraded to 8.0.1 | CVE-2021-22924 |
| curl | Upgraded to 8.0.1 | CVE-2021-22923 |
| curl | Upgraded to 8.0.1 | CVE-2021-22922 |
| curl | Upgraded to 8.0.1 | CVE-2021-22901 |
| curl | Upgraded to 8.0.1 | CVE-2021-22898 |
| curl | Upgraded to 8.0.1 | CVE-2021-22897 |
| curl | Upgraded to 8.0.1 | CVE-2021-22890 |
| curl | Upgraded to 8.0.1 | CVE-2021-22876 |
| curl | Upgraded to 8.0.1 | CVE-2020-8286 |
| curl | Upgraded to 8.0.1 | CVE-2020-8285 |
| curl | Upgraded to 8.0.1 | CVE-2020-8284 |
| curl | Upgraded to 8.0.1 | CVE-2020-8231 |
| curl | Upgraded to 8.0.1 | CVE-2020-8177 |
| curl | Upgraded to 8.0.1 | CVE-2020-8169 |
| libarchive | Upgraded to 3.6.2 | CVE-2022-36227 |
| libarchive | Upgraded to 3.6.2 | CVE-2021-31566 |
| libarchive | Upgraded to 3.6.2 | CVE-2021-36976 |
| lz4 | Upgraded to 1.9.4 | CVE-2021-3520 |
| SQLite | Upgraded to 3.41.2 | CVE-2022-35737 |
| zlib | Applied patch | CVE-2018-25032 |
| zlib | Applied patch | CVE-2022-37434 |
| prismjs | Upgraded to 1.2.9 | CVE-2020-15138 |
| xmldom | Upgraded to 0.7.9 | CVE-2022-37616 |
| certifi | Upgraded to 2022.12.7 | CVE-2022-23491 |
| color-string | Upgraded to 1.5.5 | CVE-2021-29060 |
| decode-uri-component | Upgraded to 0.2.1 | CVE-2022-38900 |
| glob-parent | Upgraded to 5.1.2 | CVE-2020-28469 |
| json5 | Upgraded to 1.0.2 | CVE-2022-46175 |
| json5 | Upgraded to 2.2.3 | CVE-2022-46175 |
| loader-utils | Upgraded to 2.0.4 | CVE-2022-37599 |
| loader-utils | Upgraded to 2.0.4 | CVE-2022-37601 |
| loader-utils | Upgraded to 2.0.4 | CVE-2022-37603 |
| minimatch | Upgraded to 3.0.5 | CVE-2022-3517 |
| moment | Upgraded to 2.29.4 | CVE-2022-31129 |
| path-parse | Upgraded to 1.0.7 | CVE-2021-23343 |
| postcss | Upgraded to 7.0.36 | CVE-2021-23368 |
| postcss | Upgraded to 7.0.36 | CVE-2021-23382 |
| python3 | Upgraded to 3.7.16 | CVE-2022-43680 |
| qs | Upgraded to 6.5.3 | CVE-2022-24999 |
| ssri | Upgraded to 6.0.2 | CVE-2020-7753 |
| terser | Upgraded to 4.8.1 | CVE-2022-25858 |
| nth-check | Upgraded to 2.0.1 | CVE-2021-3803 |
| trim | Upgraded to 0.0.3 | CVE-2020-7753 |
| css-what | Upgraded to 5.0.1 | CVE-2021-33587 |
| dot-prop | Upgraded to 4.2.1 | CVE-2020-8116 |
| elliptic | Upgraded to 6.5.4 | CVE-2020-13822 |
| got | Upgraded to 12.5.3 | CVE-2022-33987 |
| jackson-databind | Upgraded to 2.13.5 | CVE-2022-4200 |
| jackson-databind | Upgraded to 2.13.5 | CVE-2022-42004 |
| json-smart | Upgraded to 2.4.9 | CVE-2023-1370 |
| kind-of | Upgraded to 6.0.3 | CVE-2019-20149 |
| loader-utils | Upgraded to 1.4.2 | CVE-2022-37601 |
| loader-utils | Upgraded to 2.0.4 | CVE-2022-37601 |
| lodash | Upgraded to 4.17.21 | CVE-2020-8203 |
| lodash-es | Upgraded to 4.17.21 | CVE-2019-10744 |
| mako | Upgraded to 1.2.4 | CVE-2022-40023 |
| mixin-deep | Upgraded to 1.3.2 | CVE-2019-10746 |
| postcss | Upgraded to 7.0.37 | CVE-2021-23382 |
| normalize-url | Upgraded to 6.1.0 | CVE-2021-33502 |
| ua-parser-js | Upgraded to 0.7.35 | CVE-2021-27292 |
| urllib3 | Upgraded to 1.26.6 | CVE-2021-33503 |
| websocket-extensions | Upgraded to 0.1.4 | CVE-2020-7662 |
| y18n | Upgraded to 4.0.3 | CVE-2020-7774 |
| go, crypto/elliptic | Upgraded go to 1.2 | CVE-2022-23806 |
| go, math/big | Upgraded go to 1.2 | CVE-2022-23772 |
| go, x/crypto | Upgraded go to 1.2 | CVE-2021-43565 |
| go, os/exec | Upgraded go to 1.2 | CVE-2022-30580 |
| go, encoding/xml | Upgraded go to 1.2 | CVE-2022-30633 |
| go, encoding/xml | Upgraded go to 1.2 | CVE-2022-28131 |
| go, path/filepath | Upgraded go to 1.2 | CVE-2022-30632 |
| go | Upgraded go to 1.2 | CVE-2022-41716 |
| go, crypto/elliptic | Upgraded go to 1.2 | CVE-2022-28327 |
| go | Upgraded go to 1.2 | CVE-2022-24921 |
| go, io/fs | Upgraded go to 1.2 | CVE-2022-30630 |
| go, crypto/ssh | Upgraded go to 1.2 | CVE-2022-27191 |
| go, cmd/go | Upgraded go to 1.2 | CVE-2022-23773 |
| go, crypto/rand | Upgraded go to 1.2 | CVE-2022-30634 |
| go | Upgraded go to 1.2 | CVE-2022-41715 |
| go, encoding/pem | Upgraded go to 1.2 | CVE-2022-24675 |
| go | Upgraded go to 1.2 | CVE-2022-41720 |
| go, net/http | Upgraded go to 1.2 | CVE-2022-27664 |
| go, net/http | Upgraded go to 1.2 | CVE-2022-2880 |
| go, path/filepath | Upgraded go to 1.2 | CVE-2022-29804 |
| go, math/big | Upgraded go to 1.2 | CVE-2022-32189 |
| go, encoding/gob | Upgraded go to 1.2 | CVE-2022-30635 |
| go, compress/gzip | Upgraded go to 1.2 | CVE-2022-30631 |
| go | Upgraded go to 1.2 | CVE-2022-2879 |
| go, net/http | Upgraded go to 1.2 | CVE-2022-1705 |
| go, go/parse | Upgraded go to 1.2 | CVE-2022-1962 |
| go, sys | Upgraded go to 1.2 | CVE-2022-29526 |
| go, net/http | Upgraded go to 1.2 | CVE-2022-32148 |
| go, crypto/tls | Upgraded go to 1.2 | CVE-2022-30629 |
| Growl | Upgraded to 1.10.5 | CVE-2017-16042 |
| Babel | Upgraded to 2.9.1 | CVE-2021-20095 |

Solution

For Splunk Enterprise, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or higher.

Product Status

| Product | Version | Component | Affected Version | Fix Version |
| --- | --- | --- | --- | --- |
| Splunk Enterprise | 8.1 | - | 8.1.13 and Lower | 8.1.14 |
| Splunk Enterprise | 8.2 | - | 8.2.0 to 8.2.10 | 8.2.11 |
| Splunk Enterprise | 9.0 | - | 9.0.0 to 9.0.4 | 9.0.5 |

Severity

For the CVEs listed above, Splunk adopted the National Vulnerability Database (NVD) CVSS rating to align with industry standards.