===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.3143
   SVD-2023-0613: June Third Party Package Updates in Splunk Enterprise
                                2 June 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Splunk Enterprise
Publisher:         Splunk
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-27538 CVE-2023-27537 CVE-2023-27536
                   CVE-2023-27535 CVE-2023-27534 CVE-2023-27533
                   CVE-2023-23916 CVE-2023-23915 CVE-2023-23914
                   CVE-2023-1370 CVE-2023-0286 CVE-2023-0215
                   CVE-2022-46175 CVE-2022-43680 CVE-2022-43552
                   CVE-2022-43551 CVE-2022-42916 CVE-2022-42915
                   CVE-2022-42004 CVE-2022-41720 CVE-2022-41716
                   CVE-2022-41715 CVE-2022-40304 CVE-2022-40303
                   CVE-2022-40023 CVE-2022-38900 CVE-2022-37616
                   CVE-2022-37603 CVE-2022-37601 CVE-2022-37599
                   CVE-2022-37434 CVE-2022-36227 CVE-2022-35737
                   CVE-2022-35260 CVE-2022-35252 CVE-2022-33987
                   CVE-2022-32221 CVE-2022-32208 CVE-2022-32207
                   CVE-2022-32206 CVE-2022-32205 CVE-2022-32189
                   CVE-2022-32148 CVE-2022-31129 CVE-2022-30635
                   CVE-2022-30634 CVE-2022-30633 CVE-2022-30632
                   CVE-2022-30631 CVE-2022-30630 CVE-2022-30629
                   CVE-2022-30580 CVE-2022-30115 CVE-2022-29804
                   CVE-2022-29526 CVE-2022-28327 CVE-2022-28131
                   CVE-2022-27782 CVE-2022-27781 CVE-2022-27780
                   CVE-2022-27779 CVE-2022-27778 CVE-2022-27776
                   CVE-2022-27775 CVE-2022-27774 CVE-2022-27664
                   CVE-2022-27191 CVE-2022-25858 CVE-2022-24999
                   CVE-2022-24921 CVE-2022-24675 CVE-2022-23806
                   CVE-2022-23773 CVE-2022-23772 CVE-2022-23491
                   CVE-2022-22576 CVE-2022-4304 CVE-2022-4200
                   CVE-2022-3517 CVE-2022-2880 CVE-2022-2879
                   CVE-2022-1962 CVE-2022-1705 CVE-2021-43565
                   CVE-2021-36976 CVE-2021-33587 CVE-2021-33503
                   CVE-2021-33502 CVE-2021-31566 CVE-2021-29060
                   CVE-2021-27292 CVE-2021-23382 CVE-2021-23368
                   CVE-2021-23343 CVE-2021-22947 CVE-2021-22946
                   CVE-2021-22945 CVE-2021-22926 CVE-2021-22925
                   CVE-2021-22924 CVE-2021-22923 CVE-2021-22922
                   CVE-2021-22901 CVE-2021-22898 CVE-2021-22897
                   CVE-2021-22890 CVE-2021-22876 CVE-2021-20095
                   CVE-2021-3803 CVE-2021-3520 CVE-2020-28469
                   CVE-2020-15138 CVE-2020-13822 CVE-2020-8286
                   CVE-2020-8285 CVE-2020-8284 CVE-2020-8231
                   CVE-2020-8203 CVE-2020-8177 CVE-2020-8169
                   CVE-2020-8116 CVE-2020-7774 CVE-2020-7753
                   CVE-2020-7662 CVE-2019-20149 CVE-2019-10746
                   CVE-2019-10744 CVE-2018-25032 CVE-2017-16042

Original Bulletin: 
   https://advisory.splunk.com//advisories/SVD-2023-0613

Comment: CVSS (Max):  9.8* CVE-2022-42915 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
         * Not all CVSS available when published

--------------------------BEGIN INCLUDED TEXT--------------------

June Third Party Package Updates in Splunk Enterprise

Advisory ID: SVD-2023-0613

CVE ID: Multiple

Published: 2023-06-01

Last Update: 2023-06-01

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party
Packages in versions 8.1.14, 8.2.11, and 9.0.5 of Splunk Enterprise, including
the following:

     CVE             Package             Remediation      Severity
CVE-2022-40303 libxml2              Patched               High
CVE-2022-40304 libxml2              Patched               High
CVE-2023-0286  OpenSSL 1.0.2        Upgraded to 1.0.2zg   High
CVE-2023-0215  OpenSSL 1.0.2        Upgraded to 1.0.2zg   High
CVE-2022-4304  OpenSSL 1.0.2        Upgraded to 1.0.2zg   Medium
CVE-2023-27538 curl                 Upgraded to 8.0.1     Medium
CVE-2023-27537 curl                 Upgraded to 8.0.1     Medium
CVE-2023-27536 curl                 Upgraded to 8.0.1     Critical
CVE-2023-27535 curl                 Upgraded to 8.0.1     High
CVE-2023-27534 curl                 Upgraded to 8.0.1     High
CVE-2023-27533 curl                 Upgraded to 8.0.1     High
CVE-2023-23916 curl                 Upgraded to 8.0.1     Medium
CVE-2023-23915 curl                 Upgraded to 8.0.1     Medium
CVE-2023-23914 curl                 Upgraded to 8.0.1     Critical
CVE-2022-43552 curl                 Upgraded to 8.0.1     Medium
CVE-2022-43551 curl                 Upgraded to 8.0.1     High
CVE-2022-42916 curl                 Upgraded to 8.0.1     High
CVE-2022-42915 curl                 Upgraded to 8.0.1     Critical
CVE-2022-35260 curl                 Upgraded to 8.0.1     Medium
CVE-2022-32221 curl                 Upgraded to 8.0.1     Critical
CVE-2022-35252 curl                 Upgraded to 8.0.1     Low
CVE-2022-32208 curl                 Upgraded to 8.0.1     Medium
CVE-2022-32207 curl                 Upgraded to 8.0.1     Critical
CVE-2022-32206 curl                 Upgraded to 8.0.1     Medium
CVE-2022-32205 curl                 Upgraded to 8.0.1     Medium
CVE-2022-30115 curl                 Upgraded to 8.0.1     Medium
CVE-2022-27782 curl                 Upgraded to 8.0.1     High
CVE-2022-27781 curl                 Upgraded to 8.0.1     High
CVE-2022-27780 curl                 Upgraded to 8.0.1     High
CVE-2022-27779 curl                 Upgraded to 8.0.1     Medium
CVE-2022-27778 curl                 Upgraded to 8.0.1     High
CVE-2022-27776 curl                 Upgraded to 8.0.1     Medium
CVE-2022-27775 curl                 Upgraded to 8.0.1     High
CVE-2022-27774 curl                 Upgraded to 8.0.1     Medium
CVE-2022-22576 curl                 Upgraded to 8.0.1     High
CVE-2021-22947 curl                 Upgraded to 8.0.1     Medium
CVE-2021-22946 curl                 Upgraded to 8.0.1     High
CVE-2021-22945 curl                 Upgraded to 8.0.1     Critical
CVE-2021-22926 curl                 Upgraded to 8.0.1     High
CVE-2021-22925 curl                 Upgraded to 8.0.1     Medium
CVE-2021-22924 curl                 Upgraded to 8.0.1     Low
CVE-2021-22923 curl                 Upgraded to 8.0.1     Medium
CVE-2021-22922 curl                 Upgraded to 8.0.1     Medium
CVE-2021-22901 curl                 Upgraded to 8.0.1     High
CVE-2021-22898 curl                 Upgraded to 8.0.1     Low
CVE-2021-22897 curl                 Upgraded to 8.0.1     Medium
CVE-2021-22890 curl                 Upgraded to 8.0.1     Low
CVE-2021-22876 curl                 Upgraded to 8.0.1     Medium
CVE-2020-8286  curl                 Upgraded to 8.0.1     High
CVE-2020-8285  curl                 Upgraded to 8.0.1     High
CVE-2020-8284  curl                 Upgraded to 8.0.1     Low
CVE-2020-8231  curl                 Upgraded to 8.0.1     High
CVE-2020-8177  curl                 Upgraded to 8.0.1     High
CVE-2020-8169  curl                 Upgraded to 8.0.1     High
CVE-2022-36227 libarchive           Upgraded to 3.6.2     Critical
CVE-2021-31566 libarchive           Upgraded to 3.6.2     High
CVE-2021-36976 libarchive           Upgraded to 3.6.2     Medium
CVE-2021-3520  lz4                  Upgraded to 1.9.4     Critical
CVE-2022-35737 SQLite               Upgraded to 3.41.2    High
CVE-2018-25032 zlib                 Applied patch         High
CVE-2022-37434 zlib                 Applied patch         Critical
CVE-2020-15138 prismjs              Upgraded to 1.2.9     High
CVE-2022-37616 xmldom               Upgraded to 0.7.9     Critical
CVE-2022-23491 certifi              Upgraded to 2022.12.7 High
CVE-2021-29060 color-string         Upgraded to 1.5.5     Medium
CVE-2022-38900 decode-uri-component Upgraded to 0.2.1     High
CVE-2020-28469 glob-parent          Upgraded to 5.1.2     High
CVE-2022-46175 json5                Upgraded to 1.0.2     High
CVE-2022-46175 json5                Upgraded to 2.2.3     High
CVE-2022-37599 loader-utils         Upgraded to 2.0.4     High
CVE-2022-37601 loader-utils         Upgraded to 2.0.4     Critical
CVE-2022-37603 loader-utils         Upgraded to 2.0.4     High
CVE-2022-3517  minimatch            Upgraded to 3.0.5     High
CVE-2022-31129 moment               Upgraded to 2.29.4    High
CVE-2021-23343 path-parse           Upgraded to 1.0.7     High
CVE-2021-23368 postcss              Upgraded to 7.0.36    Medium
CVE-2021-23382 postcss              Upgraded to 7.0.36    High
CVE-2022-43680 python3              Upgraded to 3.7.16    High
CVE-2022-24999 qs                   Upgraded to 6.5.3     High
CVE-2020-7753  ssri                 Upgraded to 6.0.2     High
CVE-2022-25858 terser               Upgraded to 4.8.1     High
CVE-2021-3803  nth-check            Upgraded to 2.0.1     High
CVE-2020-7753  trim                 Upgraded to 0.0.3     High
CVE-2021-33587 css-what             Upgraded to 5.0.1     High
CVE-2020-8116  dot-prop             Upgraded to 4.2.1     High
CVE-2020-13822 elliptic             Upgraded to 6.5.4     High
CVE-2022-33987 got                  Upgraded to 12.5.3    Medium
CVE-2022-4200  jackson-databind     Upgraded to 2.13.5    Medium
CVE-2022-42004 jackson-databind     Upgraded to 2.13.5    High
CVE-2023-1370  json-smart           Upgraded to 2.4.9     High
CVE-2019-20149 kind-of              Upgraded to 6.0.3     High
CVE-2022-37601 loader-utils         Upgraded to 1.4.2     Critical
CVE-2022-37601 loader-utils         Upgraded to 2.0.4     Critical
CVE-2020-8203  lodash               Upgraded to 4.17.21   High
CVE-2019-10744 lodash-es            Upgraded to 4.17.21   Critical
CVE-2022-40023 mako                 Upgraded to 1.2.4     High
CVE-2019-10746 mixin-deep           Upgraded to 1.3.2     Critical
CVE-2021-23382 postcss              Upgraded to 7.0.37    High
CVE-2021-33502 normalize-url        Upgraded to 6.1.0     High
CVE-2021-27292 ua-parser-js         Upgraded to 0.7.35    High
CVE-2021-33503 urllib3              Upgraded to 1.26.6    High
CVE-2020-7662  websocket-extensions Upgraded to 0.1.4     High
CVE-2020-7774  y18n                 Upgraded to 4.0.3     Critical
CVE-2022-23806 go, crypto/elliptic  Upgraded go to 1.2    Critical
CVE-2022-23772 go, math/big         Upgraded go to 1.2    High
CVE-2021-43565 go, x/crypto         Upgraded go to 1.2    High
CVE-2022-30580 go, os/exec          Upgraded go to 1.2    High
CVE-2022-30633 go, encoding/xml     Upgraded go to 1.2    High
CVE-2022-28131 go, encoding/xml     Upgraded go to 1.2    High
CVE-2022-30632 go, path/filepath    Upgraded go to 1.2    High
CVE-2022-41716 go                   Upgraded go to 1.2    High
CVE-2022-28327 go, crypto/elliptic  Upgraded go to 1.2    High
CVE-2022-24921 go                   Upgraded go to 1.2    High
CVE-2022-30630 go, io/fs            Upgraded go to 1.2    High
CVE-2022-27191 go, crypto/ssh       Upgraded go to 1.2    High
CVE-2022-23773 go, cmd/go           Upgraded go to 1.2    High
CVE-2022-30634 go, crypto/rand      Upgraded go to 1.2    High
CVE-2022-41715 go                   Upgraded go to 1.2    High
CVE-2022-24675 go, encoding/pem     Upgraded go to 1.2    High
CVE-2022-41720 go                   Upgraded go to 1.2    High
CVE-2022-27664 go, net/http         Upgraded go to 1.2    High
CVE-2022-2880  go, net/http         Upgraded go to 1.2    High
CVE-2022-29804 go, path/filepath    Upgraded go to 1.2    High
CVE-2022-32189 go, math/big         Upgraded go to 1.2    High
CVE-2022-30635 go, encoding/gob     Upgraded go to 1.2    High
CVE-2022-30631 go, compress/gzip    Upgraded go to 1.2    High
CVE-2022-2879  go                   Upgraded go to 1.2    High
CVE-2022-1705  go, net/http         Upgraded go to 1.2    Medium
CVE-2022-1962  go, go/parse         Upgraded go to 1.2    Medium
CVE-2022-29526 go, sys              Upgraded go to 1.2    Medium
CVE-2022-32148 go, net/http         Upgraded go to 1.2    Medium
CVE-2022-30629 go, crypto/tls       Upgraded go to 1.2    Low
CVE-2017-16042 Growl                Upgraded to 1.10.5    Critical
CVE-2021-20095 Babel                Upgraded to 2.9.1     Medium

Solution

For Splunk Enterprise, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or higher.

Product Status

     Product      Version Component Affected Version Fix Version
Splunk Enterprise 8.1     -         8.1.13 and Lower 8.1.14
Splunk Enterprise 8.2     -         8.2.0 to 8.2.10  8.2.11
Splunk Enterprise 9.0     -         9.0.0 to 9.0.4   9.0.5

Severity

For the CVEs listed above, Splunk adopted the National Vulnerability Database
(NVD) CVSS rating to align with industry standards.

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================