Solved: When will Splunk address the OpenSSL vulnerability...

fbachabi · ‎06-13-2014

Splunk 6.1.1 is linked against OpenSSL 1.0.1g which has some security flaw (CVE-2014-0224, CVE-2014-0195, and CVE-2014-0198). When will be Splunk with fixed OpenSSL (1.0.1h) available?

ChrisG · ‎06-13-2014

We are currently testing a maintenance release to address this vulnerability and we plan for it to be available the week of June 30. See this recent Splunk blog post for complete information and an assessment of the scope of the vulnerability for Splunk customers.

View solution in original post

ChrisG · ‎06-13-2014

We are currently testing a maintenance release to address this vulnerability and we plan for it to be available the week of June 30. See this recent Splunk blog post for complete information and an assessment of the scope of the vulnerability for Splunk customers.

fbachabi · ‎06-13-2014

Awesome. Thanks for the quick turnaround. I'll make sure to check the blogs as well.

When will Splunk address the OpenSSL vulnerability issue (CVE-2014-0224, CVE-2014-0195, and CVE-2014-0198; OpenSSL <1.0.1h)?

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!

Introducing the Splunk Community Dashboard Challenge!