June Third Party Package Updates in Splunk Universal Forwarders
Advisory ID: SVD-2023-0614
CVE ID: Multiple
Published: 2023-06-01
Last Update: 2023-06-01
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.1.14, 8.2.11, and 9.0.5 of Splunk Universal Forwarder, including the following:
CVE | Package | Remediation | Severity |
---|---|---|---|
CVE-2022-40303 | libxml2 | Patched | High |
CVE-2022-40304 | libxml2 | Patched | High |
CVE-2023-0286 | OpenSSL 1.0.2 | Upgraded to 1.0.2zg | High |
CVE-2023-0215 | OpenSSL 1.0.2 | Upgraded to 1.0.2zg | High |
CVE-2022-4304 | OpenSSL 1.0.2 | Upgraded to 1.0.2zg | Medium |
CVE-2023-27538 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-27537 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-27536 | curl | Upgraded to 8.0.1 | Critical |
CVE-2023-27535 | curl | Upgraded to 8.0.1 | High |
CVE-2023-27534 | curl | Upgraded to 8.0.1 | High |
CVE-2023-27533 | curl | Upgraded to 8.0.1 | High |
CVE-2023-23916 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-23915 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-23914 | curl | Upgraded to 8.0.1 | Critical |
CVE-2022-43552 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-43551 | curl | Upgraded to 8.0.1 | High |
CVE-2022-42916 | curl | Upgraded to 8.0.1 | High |
CVE-2022-42915 | curl | Upgraded to 8.0.1 | Critical |
CVE-2022-35260 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-32221 | curl | Upgraded to 8.0.1 | Critical |
CVE-2022-35252 | curl | Upgraded to 8.0.1 | Low |
CVE-2022-32208 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-32207 | curl | Upgraded to 8.0.1 | Critical |
CVE-2022-32206 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-32205 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-30115 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-27782 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27781 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27780 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27779 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-27778 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27776 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-27775 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27774 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-22576 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22947 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22946 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22945 | curl | Upgraded to 8.0.1 | Critical |
CVE-2021-22926 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22925 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22924 | curl | Upgraded to 8.0.1 | Low |
CVE-2021-22923 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22922 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22901 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22898 | curl | Upgraded to 8.0.1 | Low |
CVE-2021-22897 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22890 | curl | Upgraded to 8.0.1 | Low |
CVE-2021-22876 | curl | Upgraded to 8.0.1 | Medium |
CVE-2020-8286 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8285 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8284 | curl | Upgraded to 8.0.1 | Low |
CVE-2020-8231 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8177 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8169 | curl | Upgraded to 8.0.1 | High |
CVE-2022-36227 | libarchive | Upgraded to 3.6.2 | Critical |
CVE-2021-31566 | libarchive | Upgraded to 3.6.2 | High |
CVE-2021-36976 | libarchive | Upgraded to 3.6.2 | Medium |
CVE-2021-3520 | lz4 | Upgraded to 1.9.4 | Critical |
CVE-2022-35737 | SQLite | Upgraded to 3.41.2 | High |
CVE-2018-25032 | zlib | Applied patch | High |
CVE-2022-37434 | zlib | Applied patch | Critical |
Solution
For Splunk Universal Forwarder, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or higher.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Universal Forwarders | 8.1 | - | 8.1.13 and Lower | 8.1.14 |
Universal Forwarders | 8.2 | - | 8.2.0 to 8.2.10 | 8.2.11 |
Universal Forwarders | 9.0 | - | 9.0.0 to 9.0.4 | 9.0.5 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) CVSS rating to align with industry standards.