Security
Highlighted

When will Splunk address the OpenSSL vulnerability issue (CVE-2014-0224, CVE-2014-0195, and CVE-2014-0198; OpenSSL <1.0.1h)?

Engager

Splunk 6.1.1 is linked against OpenSSL 1.0.1g which has some security flaw (CVE-2014-0224, CVE-2014-0195, and CVE-2014-0198). When will be Splunk with fixed OpenSSL (1.0.1h) available?

Tags (2)
0 Karma
Highlighted

Re: When will Splunk address the OpenSSL vulnerability issue (CVE-2014-0224, CVE-2014-0195, and CVE-2014-0198; OpenSSL <1.0.1h)?

Splunk Employee
Splunk Employee

We are currently testing a maintenance release to address this vulnerability and we plan for it to be available the week of June 30. See this recent Splunk blog post for complete information and an assessment of the scope of the vulnerability for Splunk customers.

View solution in original post

Highlighted

Re: When will Splunk address the OpenSSL vulnerability issue (CVE-2014-0224, CVE-2014-0195, and CVE-2014-0198; OpenSSL <1.0.1h)?

Engager

Awesome. Thanks for the quick turnaround. I'll make sure to check the blogs as well.