Splunk 6.0.2 is linked against OpenSSL 1.0.1e which has serious security flaw (CVE-2014-0160).
When will be Splunk with fixed OpenSSL (1.0.1g) available?
Splunk is currently testing the fix, official statement on IRC #splunk channel:
Welcome to #splunk! | Currently testing a fix for the Heartbleed OpenSSL issue
as soon as it is available you will hear about on IRC #splunk and their webpage....stay tuned
According to heartbleed.com:
What versions of the OpenSSL are affected?
Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
Our production search head is running Splunk 6.0. When I look at the command line:
bin]$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010
Does this mean we are not affected by this?
did you run this like
$SPLUNK_HOME/bin/splunk cmd openssl version? Otherwise you will probably get a response from your servers openSSL installation not the one from Splunk .....
is there another command to run I've tried below with different variation but it never returns any ouput?
$SPLUNK_HOME/bin/splunk cmd openssl version
/]$ $SPLUNK_HOME/bin/splunk cmd openssl version
-bash: /bin/splunk: No such file or directory
Is there another way to run this command?