August Third Party Package Updates in Splunk Universal Forwarder
Advisory ID: SVD-2023-0809
CVE ID: Multiple
Published: 2023-08-30
Last Update: 2023-08-30
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder, including the folLowing:
CVE | Package | Remediation | Severity |
---|---|---|---|
CVE-2021-30560 | libxslt | Patched | High |
CVE-2021-30560 | libxslt | Patched | High |
CVE-2023-27538 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-27537 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-27536 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-27535 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-27534 | curl | Upgraded to 8.0.1 | High |
CVE-2023-27533 | curl | Upgraded to 8.0.1 | High |
CVE-2023-23916 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-23915 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-23914 | curl | Upgraded to 8.0.1 | Critical |
CVE-2022-43552 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-43551 | curl | Upgraded to 8.0.1 | High |
CVE-2022-42916 | curl | Upgraded to 8.0.1 | High |
CVE-2022-42915 | curl | Upgraded to 8.0.1 | High |
CVE-2022-35260 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-32221 | curl | Upgraded to 8.0.1 | Critical |
CVE-2022-35252 | curl | Upgraded to 8.0.1 | Low |
CVE-2022-32208 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-32207 | curl | Upgraded to 8.0.1 | Critical |
CVE-2022-32206 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-32205 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-30115 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-27782 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27781 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27780 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27779 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-27778 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27776 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-27775 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27774 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-22576 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22947 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22946 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22945 | curl | Upgraded to 8.0.1 | Critical |
CVE-2021-22926 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22925 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22924 | curl | Upgraded to 8.0.1 | Low |
CVE-2021-22923 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22922 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22901 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22898 | curl | Upgraded to 8.0.1 | Low |
CVE-2021-22897 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22890 | curl | Upgraded to 8.0.1 | Low |
CVE-2021-22876 | curl | Upgraded to 8.0.1 | Medium |
CVE-2020-8286 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8285 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8284 | curl | Upgraded to 8.0.1 | Low |
CVE-2020-8231 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8177 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8169 | curl | Upgraded to 8.0.1 | High |
CVE-2022-36227 | libarchive | Upgraded to 3.6.2 | Critical |
CVE-2021-31566 | libarchive | Upgraded to 3.6.2 | High |
CVE-2021-36976 | libarchive | Upgraded to 3.6.2 | Medium |
CVE-2021-3520 | lz4 | Upgraded to. 1.9.4 | Critical |
CVE-2020-14155 | pcre2 | Upgraded to 10.40 | Medium |
CVE-2019-20454 | pcre2 | Upgraded to 10.40 | High |
CVE-2019-20838 | pcre2 | Upgraded to 10.40 | High |
CVE-2020-14155 | pcre2 | Upgraded to 10.40 | Medium |
CVE-2019-20454 | pcre2 | Upgraded to 10.40 | High |
CVE-2019-20838 | pcre2 | Upgraded to 10.40 | High |
CVE-2022-35737 | sqlite | Upgraded to 3.41.2 | High |
Solution
For Splunk Universal Forwarder, upgrade versions to 8.2.12, 9.0.6, or 9.1.1.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Universal Forwarder | 8.2 | - | 8.2.0 to 8.2.11 | 8.2.12 |
Universal Forwarder | 9.0 | - | 9.0.0 to 9.0.5 | 9.0.6 |
Universal Forwarder | 9.1 | - | 9.1.0 | 9.1.1 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.