Installation

Vulnerability Reported in linux server, which Splunk application running on the server

Ka21
Loves-to-Learn

The below Vulnerabilities reported in linux servers and let me know if any impact on Splunk application, if we remediate the vulnerabilities based on solution provided.

Amazon Linux 2 : polkit (ALAS-2022-1745)
Amazon Linux 2 : libgcrypt (ALAS-2022-1769)
Amazon Linux 2 : gzip, xz (ALAS-2022-1782)
Amazon Linux 2 : vim (ALAS-2022-1829)
Amazon Linux 2 : zlib (ALAS-2022-1849)
Amazon Linux 2 : aide (ALAS-2022-1850)
Amazon Linux 2 : pcre2 (ALAS-2022-1871)
Amazon Linux 2 : e2fsprogs (ALAS-2022-1884)
Amazon Linux 2 : sqlite (ALAS-2023-1911)
Amazon Linux 2 : libtasn1 (ALAS-2023-1908)
Amazon Linux 2 : freetype (ALAS-2023-1909)
Amazon Linux 2 : libpng (ALAS-2023-1904)
Amazon Linux 2 : python-lxml (ALAS-2023-1956)
Amazon Linux 2 : nss-util (ALAS-2023-1954)
Amazon Linux 2 : nss-softokn (ALAS-2023-1955)
Amazon Linux 2 : python (ALAS-2023-1980)
Amazon Linux 2 : cpio (ALAS-2023-1972)
Amazon Linux 2 : curl (ALAS-2023-1986)
Amazon Linux 2 : nss (ALAS-2023-1992)
Amazon Linux 2 : babel (ALAS-2023-2010)
Amazon Linux 2 : systemd (ALAS-2023-2004)
Amazon Linux 2 : jasper (ALAS-2023-2018)
Amazon Linux 2 : gd (ALAS-2023-2044)
Amazon Linux 2 : perl (ALAS-2023-2034)
Amazon Linux 2 : libwebp (ALAS-2023-2048)
Amazon Linux 2 : mariadb (ALAS-2023-2057)
Amazon Linux 2 : sysstat (ALAS-2023-2068)
Amazon Linux 2 : rsync (ALAS-2023-2074)
Amazon Linux 2 : dnsmasq (ALAS-2023-2069)
Amazon Linux 2 : glusterfs (ALAS-2023-2071)
Amazon Linux 2 : pcre (ALAS-2023-2082)
Amazon Linux 2 : git (ALAS-2023-2072)
Amazon Linux 2 : libfastjson (ALAS-2023-2079)
Amazon Linux 2 : openldap (ALAS-2023-2095)
Amazon Linux 2 : perl-HTTP-Tiny (ALAS-2023-2093)
Amazon Linux 2 : glib2 (ALAS-2023-2107)
Amazon Linux 2 : perl-Pod-Perldoc (ALAS-2023-2094)
Amazon Linux 2 : ncurses (ALAS-2023-2096)
Amazon Linux 2 : squashfs-tools (ALAS-2023-2152)
Amazon Linux 2 : fribidi (ALAS-2023-2116)
Amazon Linux 2 : tcpdump (ALAS-2023-2119)
Amazon Linux 2 : libX11 (ALAS-2023-2129)
Amazon Linux 2 : c-ares (ALAS-2023-2127)
Amazon Linux 2 : zstd (ALAS-2023-2140)
Amazon Linux 2 : SDL2 (ALAS-2023-2162)
Amazon Linux 2 : bluez (ALAS-2023-2167)
Amazon Linux 2 : avahi (ALAS-2023-2175)
Amazon Linux 2 : nghttp2 (ALAS-2023-2180)
Amazon Linux 2 : ca-certificates (ALAS-2023-2224)
Amazon Linux 2 : amazon-ssm-agent (ALAS-2023-2238)
Amazon Linux 2 : shadow-utils (ALAS-2023-2247)
Amazon Linux 2 : libssh2 (ALAS-2023-2257)
Amazon Linux 2 : libjpeg-turbo (ALAS-2023-2254)
Amazon Linux 2 : expat (ALAS-2023-2280)
Amazon Linux 2 : kernel (ALAS-2023-2264)
Amazon Linux 2 : flac (ALAS-2023-2283)
Amazon Linux 2 : python-pillow (ALAS-2023-2286)
Amazon Linux 2 : bind (ALAS-2023-2273)
Oracle Java JRE Unsupported Version Detection (Unix)
Labels (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

it's hard to say if anyone of those is directly affected to splunk, but usually it's a best practices to keep your OS and also other products up to date to avoid any security issues. You already have found Splunk's own security issue page which also should fulfil as soon as possible.

r. Ismo

0 Karma

tscroggins
Influencer

Hi @Ka21,

Splunk periodically releases updates to address vulnerabilities in libraries shipped with Splunk products. Browse to <https://advisory.splunk.com/> to review bulletins labeled "Third Party Package Updates in Splunk Enterprise" and "Splunk Universal Forwarder Third-Party Updates."

For November 2023:

November 2023 Third Party Package updates in Splunk Enterprise

November 2023 Splunk Universal Forwarder Third-Party Updates

Third Party Package Update in Splunk Add-on for Google Cloud Platform

Third Party Package Update in Splunk Add-on for Amazon Web Services

Re: Java, you'll need to review individual Java-based apps and add-ons--Splunk ITSI, Splunk DB Connect, etc.--for compatibility and upgrade the JRE as needed.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...