Installation

Vulnerability Reported in linux server, which Splunk application running on the server

Ka21
Loves-to-Learn

The below Vulnerabilities reported in linux servers and let me know if any impact on Splunk application, if we remediate the vulnerabilities based on solution provided.

Amazon Linux 2 : polkit (ALAS-2022-1745)
Amazon Linux 2 : libgcrypt (ALAS-2022-1769)
Amazon Linux 2 : gzip, xz (ALAS-2022-1782)
Amazon Linux 2 : vim (ALAS-2022-1829)
Amazon Linux 2 : zlib (ALAS-2022-1849)
Amazon Linux 2 : aide (ALAS-2022-1850)
Amazon Linux 2 : pcre2 (ALAS-2022-1871)
Amazon Linux 2 : e2fsprogs (ALAS-2022-1884)
Amazon Linux 2 : sqlite (ALAS-2023-1911)
Amazon Linux 2 : libtasn1 (ALAS-2023-1908)
Amazon Linux 2 : freetype (ALAS-2023-1909)
Amazon Linux 2 : libpng (ALAS-2023-1904)
Amazon Linux 2 : python-lxml (ALAS-2023-1956)
Amazon Linux 2 : nss-util (ALAS-2023-1954)
Amazon Linux 2 : nss-softokn (ALAS-2023-1955)
Amazon Linux 2 : python (ALAS-2023-1980)
Amazon Linux 2 : cpio (ALAS-2023-1972)
Amazon Linux 2 : curl (ALAS-2023-1986)
Amazon Linux 2 : nss (ALAS-2023-1992)
Amazon Linux 2 : babel (ALAS-2023-2010)
Amazon Linux 2 : systemd (ALAS-2023-2004)
Amazon Linux 2 : jasper (ALAS-2023-2018)
Amazon Linux 2 : gd (ALAS-2023-2044)
Amazon Linux 2 : perl (ALAS-2023-2034)
Amazon Linux 2 : libwebp (ALAS-2023-2048)
Amazon Linux 2 : mariadb (ALAS-2023-2057)
Amazon Linux 2 : sysstat (ALAS-2023-2068)
Amazon Linux 2 : rsync (ALAS-2023-2074)
Amazon Linux 2 : dnsmasq (ALAS-2023-2069)
Amazon Linux 2 : glusterfs (ALAS-2023-2071)
Amazon Linux 2 : pcre (ALAS-2023-2082)
Amazon Linux 2 : git (ALAS-2023-2072)
Amazon Linux 2 : libfastjson (ALAS-2023-2079)
Amazon Linux 2 : openldap (ALAS-2023-2095)
Amazon Linux 2 : perl-HTTP-Tiny (ALAS-2023-2093)
Amazon Linux 2 : glib2 (ALAS-2023-2107)
Amazon Linux 2 : perl-Pod-Perldoc (ALAS-2023-2094)
Amazon Linux 2 : ncurses (ALAS-2023-2096)
Amazon Linux 2 : squashfs-tools (ALAS-2023-2152)
Amazon Linux 2 : fribidi (ALAS-2023-2116)
Amazon Linux 2 : tcpdump (ALAS-2023-2119)
Amazon Linux 2 : libX11 (ALAS-2023-2129)
Amazon Linux 2 : c-ares (ALAS-2023-2127)
Amazon Linux 2 : zstd (ALAS-2023-2140)
Amazon Linux 2 : SDL2 (ALAS-2023-2162)
Amazon Linux 2 : bluez (ALAS-2023-2167)
Amazon Linux 2 : avahi (ALAS-2023-2175)
Amazon Linux 2 : nghttp2 (ALAS-2023-2180)
Amazon Linux 2 : ca-certificates (ALAS-2023-2224)
Amazon Linux 2 : amazon-ssm-agent (ALAS-2023-2238)
Amazon Linux 2 : shadow-utils (ALAS-2023-2247)
Amazon Linux 2 : libssh2 (ALAS-2023-2257)
Amazon Linux 2 : libjpeg-turbo (ALAS-2023-2254)
Amazon Linux 2 : expat (ALAS-2023-2280)
Amazon Linux 2 : kernel (ALAS-2023-2264)
Amazon Linux 2 : flac (ALAS-2023-2283)
Amazon Linux 2 : python-pillow (ALAS-2023-2286)
Amazon Linux 2 : bind (ALAS-2023-2273)
Oracle Java JRE Unsupported Version Detection (Unix)
Labels (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

it's hard to say if anyone of those is directly affected to splunk, but usually it's a best practices to keep your OS and also other products up to date to avoid any security issues. You already have found Splunk's own security issue page which also should fulfil as soon as possible.

r. Ismo

0 Karma

tscroggins
Influencer

Hi @Ka21,

Splunk periodically releases updates to address vulnerabilities in libraries shipped with Splunk products. Browse to <https://advisory.splunk.com/> to review bulletins labeled "Third Party Package Updates in Splunk Enterprise" and "Splunk Universal Forwarder Third-Party Updates."

For November 2023:

November 2023 Third Party Package updates in Splunk Enterprise

November 2023 Splunk Universal Forwarder Third-Party Updates

Third Party Package Update in Splunk Add-on for Google Cloud Platform

Third Party Package Update in Splunk Add-on for Amazon Web Services

Re: Java, you'll need to review individual Java-based apps and add-ons--Splunk ITSI, Splunk DB Connect, etc.--for compatibility and upgrade the JRE as needed.

0 Karma
Get Updates on the Splunk Community!

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

Sooooooooooo, guess what. .conf25 is almost here, and if you're on the Security Learning Path, this is your ...

First Steps with Splunk SOAR

Our first step was to gather a list of the playbooks we wanted and to sort them by priority.  Once this list ...

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

If you’ve read our previous post on self-service observability, you already know what it is and why it ...