June Third Party Package Updates in Splunk Universal Forwarders

Advisory ID: SVD-2023-0614

CVE ID:  Multiple

Published: 2023-06-01

Last Update: 2023-06-01

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in versions 8.1.14, 8.2.11, and 9.0.5 of Splunk Universal Forwarder, including the following:

PackageRemediationCVESeverity
libxml2PatchedCVE-2022-40303High
libxml2PatchedCVE-2022-40304High
OpenSSL 1.0.2Upgraded to 1.0.2zgCVE-2023-0286High
OpenSSL 1.0.2Upgraded to 1.0.2zgCVE-2023-0215High
OpenSSL 1.0.2Upgraded to 1.0.2zgCVE-2022-4304Medium
curlUpgraded to 8.0.1CVE-2023-27538Medium
curlUpgraded to 8.0.1CVE-2023-27537Medium
curlUpgraded to 8.0.1CVE-2023-27536Critical
curlUpgraded to 8.0.1CVE-2023-27535High
curlUpgraded to 8.0.1CVE-2023-27534High
curlUpgraded to 8.0.1CVE-2023-27533High
curlUpgraded to 8.0.1CVE-2023-23916Medium
curlUpgraded to 8.0.1CVE-2023-23915Medium
curlUpgraded to 8.0.1CVE-2023-23914Critical
curlUpgraded to 8.0.1CVE-2022-43552Medium
curlUpgraded to 8.0.1CVE-2022-43551High
curlUpgraded to 8.0.1CVE-2022-42916High
curlUpgraded to 8.0.1CVE-2022-42915Critical
curlUpgraded to 8.0.1CVE-2022-35260Medium
curlUpgraded to 8.0.1CVE-2022-32221Critical
curlUpgraded to 8.0.1CVE-2022-35252Low
curlUpgraded to 8.0.1CVE-2022-32208Medium
curlUpgraded to 8.0.1CVE-2022-32207Critical
curlUpgraded to 8.0.1CVE-2022-32206Medium
curlUpgraded to 8.0.1CVE-2022-32205Medium
curlUpgraded to 8.0.1CVE-2022-30115Medium
curlUpgraded to 8.0.1CVE-2022-27782High
curlUpgraded to 8.0.1CVE-2022-27781High
curlUpgraded to 8.0.1CVE-2022-27780High
curlUpgraded to 8.0.1CVE-2022-27779Medium
curlUpgraded to 8.0.1CVE-2022-27778High
curlUpgraded to 8.0.1CVE-2022-27776Medium
curlUpgraded to 8.0.1CVE-2022-27775High
curlUpgraded to 8.0.1CVE-2022-27774Medium
curlUpgraded to 8.0.1CVE-2022-22576High
curlUpgraded to 8.0.1CVE-2021-22947Medium
curlUpgraded to 8.0.1CVE-2021-22946High
curlUpgraded to 8.0.1CVE-2021-22945Critical
curlUpgraded to 8.0.1CVE-2021-22926High
curlUpgraded to 8.0.1CVE-2021-22925Medium
curlUpgraded to 8.0.1CVE-2021-22924Low
curlUpgraded to 8.0.1CVE-2021-22923Medium
curlUpgraded to 8.0.1CVE-2021-22922Medium
curlUpgraded to 8.0.1CVE-2021-22901High
curlUpgraded to 8.0.1CVE-2021-22898Low
curlUpgraded to 8.0.1CVE-2021-22897Medium
curlUpgraded to 8.0.1CVE-2021-22890Low
curlUpgraded to 8.0.1CVE-2021-22876Medium
curlUpgraded to 8.0.1CVE-2020-8286High
curlUpgraded to 8.0.1CVE-2020-8285High
curlUpgraded to 8.0.1CVE-2020-8284Low
curlUpgraded to 8.0.1CVE-2020-8231High
curlUpgraded to 8.0.1CVE-2020-8177High
curlUpgraded to 8.0.1CVE-2020-8169High
libarchiveUpgraded to 3.6.2CVE-2022-36227Critical
libarchiveUpgraded to 3.6.2CVE-2021-31566High
libarchiveUpgraded to 3.6.2CVE-2021-36976Medium
lz4Upgraded to 1.9.4CVE-2021-3520Critical
SQLiteUpgraded to 3.41.2CVE-2022-35737High
zlibApplied patchCVE-2018-25032High
zlibApplied patchCVE-2022-37434Critical

Solution

For Splunk Universal Forwarder, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or higher.

Product Status

ProductVersionComponentAffected VersionFix Version
Universal Forwarders8.1-8.1.13 and Lower8.1.14
Universal Forwarders8.2-8.2.0 to 8.2.108.2.11
Universal Forwarders9.0-9.0.0 to 9.0.49.0.5

Severity

For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) CVSS rating to align with industry standards.