Splunk Enterprise

Postgres binary vulnerabilities - is it safe to remove?

smithy001
Explorer

There seem to be a lot of vulnerabilities surrounding the postgres binary shipped with Splunk Enterprise.

I'm trying to track down a version of Splunk that is shipped without any issues.

We're currently on 10.0.1, but looking online shows that 10.0.2 has issues... if we go to 10.0.4, will we be safe? Or is it possible just to remove the binary? [I've seen it recommended to fix CVEs]

To my knowledge Splunk doesn't even use postgres.

Any input gratefully received.

Thanks in advance


0 Karma

PickleRick
SplunkTrust

Whenever something about "vulnerabilities" pops up, it triggers me to remind you that a "vulnerability" is not something absolute. Yes, I know the easiest way to "manage vulnerabilities" is to run your scanner once in a while, check what lights up red and call your admins to patch everything immediately, but that's plain wrong.

Everything works and runs in a context. Has anyone bothered to even read the description of the vulnerability before jumping to removing the binary?

0 Karma

livehybrid
SplunkTrust

Hi @smithy001 

I generally wouldn't remove any files from the Splunk installation without first consulting with support, as it could have unexpected results. Even if you do not think you are using any postgres functionality (I believe it's used in Edge Processor, for example), it doesn't necessarily mean that Splunk doesn't validate it or use it during startup processes etc.

The release notes/docs were just released for 10.2 (https://help.splunk.com/en/splunk-enterprise/release-notes-and-updates/release-notes/10.2/whats-new/...); however, the binaries haven't been released yet, so it could be that a fix for this is to be released in 10.2 (with an additional minor version for older 10.x/9.x versions shortly).

It's also worth checking out https://advisory.splunk.com/ if you haven't already.


smithy001
Explorer

Thanks both for your input.

Sadly, if the vulnerability is picked up we have to fix it... that's CE+ for you, and an IMSEC that doesn't listen to reason.

I did check the advisory 

https://advisory.splunk.com/advisories/SVD-2025-0603

"postgres package is removed from the $SPLUNK_HOME/bin directory to remedy CVE-2023-5869, CVE-2024-7348, CVE-2024-10979, and CVE-2025-1094"

hence me asking if it was safe to remove.


0 Karma
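Since the advisory's own remedy is to remove the postgres package from $SPLUNK_HOME/bin, the cautious way to do the same thing by hand on a build that still ships it is to inventory the package, confirm nothing running has it mapped, move it aside rather than delete it, and then watch splunkd.log after a restart. The script below is an added example written for this thread; it is not from the original posts or from Splunk, and the file layout it looks for (`$SPLUNK_HOME/bin/postgres*` and `$SPLUNK_HOME/bin/pg_*`) is an assumption drawn from the advisory wording, so adjust the patterns to what is actually on the host. The in-use check reads /proc, so it is Linux only.

```shell
#!/bin/sh
# Added example, not from the thread or from Splunk: inventory and quarantine the
# postgres package under $SPLUNK_HOME/bin instead of deleting it, so it can be
# put back if splunkd turns out to need it. Linux only (uses /proc).
# Assumption: the package lives at "$SPLUNK_HOME/bin/postgres*" or
# "$SPLUNK_HOME/bin/pg_*"; adjust the patterns to the real layout on your host.

# List postgres-related entries (files or directories) directly under bin.
pg_inventory() {
    find "$1/bin" -maxdepth 1 \( -name 'postgres*' -o -name 'pg_*' \) 2>/dev/null | sort
}

# Ask each executable for its own version string so it can be compared with the
# fixed versions listed in the CVE records, instead of trusting a scanner's guess.
pg_versions() {
    pg_inventory "$1" | while read -r p; do
        if [ -x "$p" ] && [ ! -d "$p" ]; then
            printf '%s: %s\n' "$p" "$("$p" --version 2>/dev/null || echo 'no version output')"
        fi
    done
}

# Succeed (exit 0) if any running process has a file under the given path mapped
# into memory, i.e. the binary is executing or one of its libraries is loaded.
pg_in_use() {
    for maps in /proc/[0-9]*/maps; do
        if grep -qF -- "$1" "$maps" 2>/dev/null; then
            pid=${maps#/proc/}
            printf 'in use by pid %s\n' "${pid%/maps}"
            return 0
        fi
    done
    return 1
}

# Move the package aside and strip execute bits; reversing it is a mv back.
pg_quarantine() {
    mkdir -p "$2"
    pg_inventory "$1" | while read -r p; do
        mv "$p" "$2/"
        printf 'moved %s -> %s\n' "$p" "$2/"
    done
    find "$2" -type f -exec chmod a-x {} +
}

# After restarting splunkd, surface log lines that mention postgres; an error
# here means the package was needed and should be restored from quarantine.
pg_post_check() {
    grep -i 'postgres' "$1/var/log/splunk/splunkd.log" 2>/dev/null | grep -E 'ERROR|WARN' \
        || echo 'no postgres-related warnings or errors in splunkd.log'
}

# Typical run on the Splunk host (uncomment; SPLUNK_HOME must be set):
# pg_versions "$SPLUNK_HOME"
# pg_in_use "$SPLUNK_HOME/bin/postgres" && exit 1
# pg_quarantine "$SPLUNK_HOME" /var/tmp/splunk-postgres-quarantine
# "$SPLUNK_HOME/bin/splunk" restart && pg_post_check "$SPLUNK_HOME"
```

Moving the files instead of deleting them keeps the change reversible, which matters precisely because the thread cannot say for certain what splunkd checks at startup; a scanner that walks the filesystem will stop flagging the path either way, and if splunkd.log complains after the restart the package goes straight back with a single mv.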