Archive
Highlighted

OpenSSL security bug

Explorer

Splunk 6.0.2 is linked against OpenSSL 1.0.1e which has serious security flaw (CVE-2014-0160).
When will be Splunk with fixed OpenSSL (1.0.1g) available?

Tags (1)
Highlighted

Re: OpenSSL security bug

SplunkTrust
SplunkTrust

Hi mpavlas,

Splunk is currently testing the fix, official statement on IRC #splunk channel:

Welcome to #splunk! | Currently testing a fix for the Heartbleed OpenSSL issue

as soon as it is available you will hear about on IRC #splunk and their webpage....stay tuned

cheers, MuS

View solution in original post

Highlighted

Re: OpenSSL security bug

Splunk Employee
Splunk Employee

this is correct. we are working currently to test our fix, and will post it as soon as it meets our quality requirements.

0 Karma
Highlighted

Re: OpenSSL security bug

Path Finder

Hopefully to more than just IRC 🙂

Thanks for working on this quickly.

Highlighted

Re: OpenSSL security bug

Motivator

A Splunk blog entry has just been published confirming progress so far in addressing the problem.

Highlighted

Re: OpenSSL security bug

Splunk Employee
Splunk Employee
0 Karma
Highlighted

Re: OpenSSL security bug

Motivator

Looks like there is an update available: http://www.splunk.com/view/SP-CAAAMB3

0 Karma
Highlighted

Re: OpenSSL security bug

Communicator

According to heartbleed.com:

What versions of the OpenSSL are affected?

Status of different versions:

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

Our production search head is running Splunk 6.0. When I look at the command line:

bin]$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010

Does this mean we are not affected by this?

0 Karma
Highlighted

Re: OpenSSL security bug

SplunkTrust
SplunkTrust

did you run this like $SPLUNK_HOME/bin/splunk cmd openssl version? Otherwise you will probably get a response from your servers openSSL installation not the one from Splunk .....

0 Karma
Highlighted

Re: OpenSSL security bug

Communicator

is there another command to run I've tried below with different variation but it never returns any ouput?

$SPLUNK_HOME/bin/splunk cmd openssl version

/]$ $SPLUNK_HOME/bin/splunk cmd openssl version
-bash: /bin/splunk: No such file or directory

Is there another way to run this command?

0 Karma