===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.3146
         SVD-2023-0614: June Third Party Package Updates in Splunk
                           Universal Forwarders
                                2 June 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Universal Forwarders
Publisher:         Splunk
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-27538 CVE-2023-27537 CVE-2023-27536
                   CVE-2023-27535 CVE-2023-27534 CVE-2023-27533
                   CVE-2023-23916 CVE-2023-23915 CVE-2023-23914
                   CVE-2023-0286 CVE-2023-0215 CVE-2022-43552
                   CVE-2022-43551 CVE-2022-42916 CVE-2022-42915
                   CVE-2022-40304 CVE-2022-40303 CVE-2022-37434
                   CVE-2022-36227 CVE-2022-35737 CVE-2022-35260
                   CVE-2022-35252 CVE-2022-32221 CVE-2022-32208
                   CVE-2022-32207 CVE-2022-32206 CVE-2022-32205
                   CVE-2022-30115 CVE-2022-27782 CVE-2022-27781
                   CVE-2022-27780 CVE-2022-27779 CVE-2022-27778
                   CVE-2022-27776 CVE-2022-27775 CVE-2022-27774
                   CVE-2022-22576 CVE-2022-4304 CVE-2021-36976
                   CVE-2021-31566 CVE-2021-22947 CVE-2021-22946
                   CVE-2021-22945 CVE-2021-22926 CVE-2021-22925
                   CVE-2021-22924 CVE-2021-22923 CVE-2021-22922
                   CVE-2021-22901 CVE-2021-22898 CVE-2021-22897
                   CVE-2021-22890 CVE-2021-22876 CVE-2021-3520
                   CVE-2020-8286 CVE-2020-8285 CVE-2020-8284
                   CVE-2020-8231 CVE-2020-8177 CVE-2020-8169
                   CVE-2018-25032  

Original Bulletin: 
   https://advisory.splunk.com//advisories/SVD-2023-0614

Comment: CVSS (Max):  9.8 CVE-2022-42915 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

June Third Party Package Updates in Splunk Universal Forwarders

Advisory ID: SVD-2023-0614

CVE ID: Multiple

Published: 2023-06-01

Last Update: 2023-06-01

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party
Packages in versions 8.1.14, 8.2.11, and 9.0.5 of Splunk Universal Forwarder,
including the following:

CVE            Package       Remediation         Severity
CVE-2022-40303 libxml2       Patched             High
CVE-2022-40304 libxml2       Patched             High
CVE-2023-0286  OpenSSL 1.0.2 Upgraded to 1.0.2zg High
CVE-2023-0215  OpenSSL 1.0.2 Upgraded to 1.0.2zg High
CVE-2022-4304  OpenSSL 1.0.2 Upgraded to 1.0.2zg Medium
CVE-2023-27538 curl          Upgraded to 8.0.1   Medium
CVE-2023-27537 curl          Upgraded to 8.0.1   Medium
CVE-2023-27536 curl          Upgraded to 8.0.1   Critical
CVE-2023-27535 curl          Upgraded to 8.0.1   High
CVE-2023-27534 curl          Upgraded to 8.0.1   High
CVE-2023-27533 curl          Upgraded to 8.0.1   High
CVE-2023-23916 curl          Upgraded to 8.0.1   Medium
CVE-2023-23915 curl          Upgraded to 8.0.1   Medium
CVE-2023-23914 curl          Upgraded to 8.0.1   Critical
CVE-2022-43552 curl          Upgraded to 8.0.1   Medium
CVE-2022-43551 curl          Upgraded to 8.0.1   High
CVE-2022-42916 curl          Upgraded to 8.0.1   High
CVE-2022-42915 curl          Upgraded to 8.0.1   Critical
CVE-2022-35260 curl          Upgraded to 8.0.1   Medium
CVE-2022-32221 curl          Upgraded to 8.0.1   Critical
CVE-2022-35252 curl          Upgraded to 8.0.1   Low
CVE-2022-32208 curl          Upgraded to 8.0.1   Medium
CVE-2022-32207 curl          Upgraded to 8.0.1   Critical
CVE-2022-32206 curl          Upgraded to 8.0.1   Medium
CVE-2022-32205 curl          Upgraded to 8.0.1   Medium
CVE-2022-30115 curl          Upgraded to 8.0.1   Medium
CVE-2022-27782 curl          Upgraded to 8.0.1   High
CVE-2022-27781 curl          Upgraded to 8.0.1   High
CVE-2022-27780 curl          Upgraded to 8.0.1   High
CVE-2022-27779 curl          Upgraded to 8.0.1   Medium
CVE-2022-27778 curl          Upgraded to 8.0.1   High
CVE-2022-27776 curl          Upgraded to 8.0.1   Medium
CVE-2022-27775 curl          Upgraded to 8.0.1   High
CVE-2022-27774 curl          Upgraded to 8.0.1   Medium
CVE-2022-22576 curl          Upgraded to 8.0.1   High
CVE-2021-22947 curl          Upgraded to 8.0.1   Medium
CVE-2021-22946 curl          Upgraded to 8.0.1   High
CVE-2021-22945 curl          Upgraded to 8.0.1   Critical
CVE-2021-22926 curl          Upgraded to 8.0.1   High
CVE-2021-22925 curl          Upgraded to 8.0.1   Medium
CVE-2021-22924 curl          Upgraded to 8.0.1   Low
CVE-2021-22923 curl          Upgraded to 8.0.1   Medium
CVE-2021-22922 curl          Upgraded to 8.0.1   Medium
CVE-2021-22901 curl          Upgraded to 8.0.1   High
CVE-2021-22898 curl          Upgraded to 8.0.1   Low
CVE-2021-22897 curl          Upgraded to 8.0.1   Medium
CVE-2021-22890 curl          Upgraded to 8.0.1   Low
CVE-2021-22876 curl          Upgraded to 8.0.1   Medium
CVE-2020-8286  curl          Upgraded to 8.0.1   High
CVE-2020-8285  curl          Upgraded to 8.0.1   High
CVE-2020-8284  curl          Upgraded to 8.0.1   Low
CVE-2020-8231  curl          Upgraded to 8.0.1   High
CVE-2020-8177  curl          Upgraded to 8.0.1   High
CVE-2020-8169  curl          Upgraded to 8.0.1   High
CVE-2022-36227 libarchive    Upgraded to 3.6.2   Critical
CVE-2021-31566 libarchive    Upgraded to 3.6.2   High
CVE-2021-36976 libarchive    Upgraded to 3.6.2   Medium
CVE-2021-3520  lz4           Upgraded to 1.9.4   Critical
CVE-2022-35737 SQLite        Upgraded to 3.41.2  High
CVE-2018-25032 zlib          Applied patch       High
CVE-2022-37434 zlib          Applied patch       Critical

Solution

For Splunk Universal Forwarder, upgrade versions to 8.1.14, 8.2.11, 9.0.5, or
higher.

Product Status

Product              Version Component Affected Version Fix Version
Universal Forwarders 8.1     -         8.1.13 and Lower 8.1.14
Universal Forwarders 8.2     -         8.2.0 to 8.2.10  8.2.11
Universal Forwarders 9.0     -         9.0.0 to 9.0.4   9.0.5

Severity

For the CVEs in this list, Splunk adopted the National Vulnerability Database
(NVD) CVSS rating to align with industry standards.

--------------------------END INCLUDED TEXT--------------------
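
An added example, not part of the Splunk advisory or the AusCERT bulletin: a
Python triage of a Universal Forwarder inventory against the Product Status
table above. The "host,version string" inventory format, the host names and
the shape of the version strings are assumptions.

```python
import re

# Fix version per release branch, taken from the advisory's Product Status table.
FIX_VERSIONS = {(8, 1): (8, 1, 14), (8, 2): (8, 2, 11), (9, 0): (9, 0, 5)}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def assess(version_text):
    """Classify one version string; returns (status, fix_version_or_None)."""
    match = _VERSION_RE.search(version_text)
    if match is None:
        return ("unparsed", None)
    version = tuple(int(part) for part in match.groups())
    fix = FIX_VERSIONS.get(version[:2])
    if fix is None:
        # Branch is not in the advisory's table: no verdict, check with the vendor.
        return ("branch-not-listed", None)
    fix_text = ".".join(str(part) for part in fix)
    # Tuple comparison is numeric, so 8.2.9 sorts below 8.2.11 (string compare would not).
    return ("affected" if version < fix else "fixed", fix_text)


def triage(inventory_csv):
    """Map host -> (status, fix version) for 'host,version string' lines."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, _, version_text = line.partition(",")
        results[host.strip()] = assess(version_text)
    return results


# Constructed sample inventory (hypothetical hosts, placeholder build ids).
SAMPLE_INVENTORY = """
uf-web-01,Splunk Universal Forwarder 9.0.4 (build 000000000000)
uf-db-02,Splunk Universal Forwarder 8.2.9 (build 000000000000)
uf-app-03,8.1.14
uf-old-04,Splunk Universal Forwarder 7.3.9 (build 000000000000)
uf-new-05,9.0.5
uf-bad-06,unknown
"""

if __name__ == "__main__":
    for host, (status, fix) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status:18} fix={fix}")
```

Hosts reported as "branch-not-listed" or "unparsed" get no verdict from this
bulletin and need a manual check.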

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================