===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.4969
        SVD-2023-0809: August Third Party Package Updates in Splunk
                            Universal Forwarder
                              31 August 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Splunk Universal Forwarder
Publisher:         Splunk
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-27538 CVE-2023-27537 CVE-2023-27536
                   CVE-2023-27535 CVE-2023-27534 CVE-2023-27533
                   CVE-2023-23916 CVE-2023-23915 CVE-2023-23914
                   CVE-2022-43552 CVE-2022-43551 CVE-2022-42916
                   CVE-2022-42915 CVE-2022-36227 CVE-2022-35737
                   CVE-2022-35260 CVE-2022-35252 CVE-2022-32221
                   CVE-2022-32208 CVE-2022-32207 CVE-2022-32206
                   CVE-2022-32205 CVE-2022-30115 CVE-2022-27782
                   CVE-2022-27781 CVE-2022-27780 CVE-2022-27779
                   CVE-2022-27778 CVE-2022-27776 CVE-2022-27775
                   CVE-2022-27774 CVE-2022-22576 CVE-2021-36976
                   CVE-2021-31566 CVE-2021-30560 CVE-2021-22947
                   CVE-2021-22946 CVE-2021-22945 CVE-2021-22926
                   CVE-2021-22925 CVE-2021-22924 CVE-2021-22923
                   CVE-2021-22922 CVE-2021-22901 CVE-2021-22898
                   CVE-2021-22897 CVE-2021-22890 CVE-2021-22876
                   CVE-2021-3520 CVE-2020-14155 CVE-2020-8286
                   CVE-2020-8285 CVE-2020-8284 CVE-2020-8231
                   CVE-2020-8177 CVE-2020-8169 CVE-2019-20838
                   CVE-2019-20454  

Original Bulletin: 
   https://advisory.splunk.com//advisories/SVD-2023-0809

Comment: CVSS (Max):  9.8 CVE-2022-36227 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NIST
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

August Third Party Package Updates in Splunk Universal Forwarder

Advisory ID: SVD-2023-0809

CVE ID: Multiple

Published: 2023-08-30

Last Update: 2023-08-30

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party
Packages in Splunk Universal Forwarder, including the following:

     CVE        Package      Remediation     Severity
CVE-2021-30560 libxslt    Patched            High
CVE-2023-27538 curl       Upgraded to 8.0.1  Medium
CVE-2023-27537 curl       Upgraded to 8.0.1  Medium
CVE-2023-27536 curl       Upgraded to 8.0.1  Medium
CVE-2023-27535 curl       Upgraded to 8.0.1  Medium
CVE-2023-27534 curl       Upgraded to 8.0.1  High
CVE-2023-27533 curl       Upgraded to 8.0.1  High
CVE-2023-23916 curl       Upgraded to 8.0.1  Medium
CVE-2023-23915 curl       Upgraded to 8.0.1  Medium
CVE-2023-23914 curl       Upgraded to 8.0.1  Critical
CVE-2022-43552 curl       Upgraded to 8.0.1  Medium
CVE-2022-43551 curl       Upgraded to 8.0.1  High
CVE-2022-42916 curl       Upgraded to 8.0.1  High
CVE-2022-42915 curl       Upgraded to 8.0.1  High
CVE-2022-35260 curl       Upgraded to 8.0.1  Medium
CVE-2022-32221 curl       Upgraded to 8.0.1  Critical
CVE-2022-35252 curl       Upgraded to 8.0.1  Low
CVE-2022-32208 curl       Upgraded to 8.0.1  Medium
CVE-2022-32207 curl       Upgraded to 8.0.1  Critical
CVE-2022-32206 curl       Upgraded to 8.0.1  Medium
CVE-2022-32205 curl       Upgraded to 8.0.1  Medium
CVE-2022-30115 curl       Upgraded to 8.0.1  Medium
CVE-2022-27782 curl       Upgraded to 8.0.1  High
CVE-2022-27781 curl       Upgraded to 8.0.1  High
CVE-2022-27780 curl       Upgraded to 8.0.1  High
CVE-2022-27779 curl       Upgraded to 8.0.1  Medium
CVE-2022-27778 curl       Upgraded to 8.0.1  High
CVE-2022-27776 curl       Upgraded to 8.0.1  Medium
CVE-2022-27775 curl       Upgraded to 8.0.1  High
CVE-2022-27774 curl       Upgraded to 8.0.1  Medium
CVE-2022-22576 curl       Upgraded to 8.0.1  High
CVE-2021-22947 curl       Upgraded to 8.0.1  Medium
CVE-2021-22946 curl       Upgraded to 8.0.1  High
CVE-2021-22945 curl       Upgraded to 8.0.1  Critical
CVE-2021-22926 curl       Upgraded to 8.0.1  High
CVE-2021-22925 curl       Upgraded to 8.0.1  Medium
CVE-2021-22924 curl       Upgraded to 8.0.1  Low
CVE-2021-22923 curl       Upgraded to 8.0.1  Medium
CVE-2021-22922 curl       Upgraded to 8.0.1  Medium
CVE-2021-22901 curl       Upgraded to 8.0.1  High
CVE-2021-22898 curl       Upgraded to 8.0.1  Low
CVE-2021-22897 curl       Upgraded to 8.0.1  Medium
CVE-2021-22890 curl       Upgraded to 8.0.1  Low
CVE-2021-22876 curl       Upgraded to 8.0.1  Medium
CVE-2020-8286  curl       Upgraded to 8.0.1  High
CVE-2020-8285  curl       Upgraded to 8.0.1  High
CVE-2020-8284  curl       Upgraded to 8.0.1  Low
CVE-2020-8231  curl       Upgraded to 8.0.1  High
CVE-2020-8177  curl       Upgraded to 8.0.1  High
CVE-2020-8169  curl       Upgraded to 8.0.1  High
CVE-2022-36227 libarchive Upgraded to 3.6.2  Critical
CVE-2021-31566 libarchive Upgraded to 3.6.2  High
CVE-2021-36976 libarchive Upgraded to 3.6.2  Medium
CVE-2021-3520  lz4        Upgraded to 1.9.4  Critical
CVE-2020-14155 pcre2      Upgraded to 10.40  Medium
CVE-2019-20454 pcre2      Upgraded to 10.40  High
CVE-2019-20838 pcre2      Upgraded to 10.40  High
CVE-2022-35737 sqlite     Upgraded to 3.41.2 High

Solution

For Splunk Universal Forwarder, upgrade to version 8.2.12, 9.0.6, or 9.1.1.

Product Status

      Product       Version Component Affected Version Fix Version
Universal Forwarder 8.2     -         8.2.0 to 8.2.11  8.2.12
Universal Forwarder 9.0     -         9.0.0 to 9.0.5   9.0.6
Universal Forwarder 9.1     -         9.1.0            9.1.1

Severity

For the CVEs in this list, Splunk adopted the National Vulnerability Database
(NVD) Common Vulnerability Scoring System (CVSS) rating to align with industry
standards.

--------------------------END INCLUDED TEXT--------------------
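
The Product Status table above, applied as a fleet check. This is an added example, not code from Splunk or AusCERT; the host names and build ids are constructed, and the shape of the `splunk version` output line is an assumption.

```python
import re

# Affected ranges and fix versions, transcribed from the Product Status table.
AFFECTED = {
    (8, 2): ((8, 2, 0), (8, 2, 11), "8.2.12"),
    (9, 0): ((9, 0, 0), (9, 0, 5), "9.0.6"),
    (9, 1): ((9, 1, 0), (9, 1, 0), "9.1.1"),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)")

# Constructed sample inventory: (host, assumed `splunk version` output).
INVENTORY = [
    ("uf-web-01", "Splunk Universal Forwarder 8.2.11 (build 0000000000aa)"),
    ("uf-db-01", "Splunk Universal Forwarder 9.0.6 (build 0000000000bb)"),
    ("uf-app-01", "Splunk Universal Forwarder 9.1.0 (build 0000000000cc)"),
    ("uf-old-01", "Splunk Universal Forwarder 7.3.9 (build 0000000000dd)"),
    ("uf-bad-01", "command not found"),
]


def assess(text):
    """Classify one version string against SVD-2023-0809.

    Returns (status, fix_version). Status is 'affected', 'fixed',
    'not-listed' (release line absent from the table, so the advisory
    says nothing about it and it needs separate review) or 'unparsed'.
    """
    m = VERSION_RE.search(text)
    if m is None:
        return ("unparsed", None)
    version = tuple(int(g) for g in m.groups())
    entry = AFFECTED.get(version[:2])
    if entry is None:
        return ("not-listed", None)
    low, high, fix = entry
    # Tuple comparison orders versions numerically, so 8.2.11 > 8.2.9.
    if low <= version <= high:
        return ("affected", fix)
    return ("fixed", fix)


def report(inventory):
    """Return (host, status, fix_version) for every inventory entry."""
    return [(host, *assess(text)) for host, text in inventory]


if __name__ == "__main__":
    for host, status, fix in report(INVENTORY):
        action = f"upgrade to {fix}" if status == "affected" else "-"
        print(f"{host:10} {status:11} {action}")
```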

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================