Operating System:

[WIN][UNIX/Linux]

Published:

17 November 2023

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ESB-2023.6840 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.6840
        SVD-2023-1105: November 2023 Third Party Package updates in
                             Splunk Enterprise
                             17 November 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Third Party Packages in Splunk Enterprise
Publisher:         Splunk
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-24329 CVE-2023-3817 CVE-2023-3446
                   CVE-2022-31799 CVE-2021-22570 

Original Bulletin: 
   https://advisory.splunk.com//advisories/SVD-2023-1105

Comment: CVSS (Max):  9.8 CVE-2022-31799 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: [NIST], Google Inc.
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

November 2023 Third Party Package updates in Splunk Enterprise

Advisory ID: SVD-2023-1105

CVE ID: Multiple

Published: 2023-11-16

Last Update: 2023-11-16

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party
Packages in Splunk Enterprise, including the following:

Package      Remediation        Severity
protobuf Upgraded to 3.15.8  CVE-2021-22570
bottle   Upgraded to 0.12.25 CVE-2022-31799
python   Upgraded to 3.7.17  CVE-2023-24329
openssl  Upgraded to 1.0.2zi CVE-2023-3817
openssl  Upgraded to 1.0.2zi CVE-2023-3446

Solution

For Splunk Enterprise, upgrade versions to 9.0.7 or 9.1.2.

Product Status

     Product      Version Component  Affected Version Fix Version
Splunk Enterprise 9.0     Splunk Web 9.0.0 to 9.0.6   9.0.7
Splunk Enterprise 9.1     Splunk Web 9.1.0 to 9.1.1   9.1.2

Severity

For the CVEs in this list, Splunk adopted the national vulnerability database
(NVD) common vulnerability scoring system (CVSS) rating to align with industry
standards.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBZVa3HMkNZI30y1K9AQhioQ//TNKCweG1X2IRZ3/4XV2Vl8GPRGssHGBY
hHcbVwv355mhrxt7Ww7HdxLvAwvktvI2gw2FLvnKGbEK3a6V2LWAr/Hhp+sXtih1
XK+jLnd286m9QuLtLIteMT3q1MC1w2gv261iXHjmlLxpcxB8r6308K1xJa2794i5
WzOLmLoYt8OHKt/sS3TvhZpZYujwGl25+5qc0isYoVLoWwgEKlMIly7Tc24/0WPX
kk1TF30i7lUPhuVJehHMzgigByNXS9TFR9/mNFfRs9Dcq9eBrgDoxjN27239vPBq
uYKsLDYF2vdbb6hKY/cQq9rkHWQc9WZQJyp5U/174k4dNrC7bzG3xYsiFNuDWYZg
YmNeArV26qSCqjfxe07v1IL/nVZ8lfThNQj7KOf7lsP+7Nou+xU9WpunmTsanaCJ
KHEXUGbaUkjXyfjWPe0/DVw9J+hxdQYx+eYhYcZKtuQFbwC9b0RynZ1+S3FRHJ7G
9+//ldUufQJEuk/PgVTiGiyO6ag+qZ6pEYUJkI29f/1Rf5BgzAuQyEP13lDYfj8r
Jf4qK6G5T2rtRnfSkzjAtzgfSJusy724f65TjYocAG07T1UEQkpMV9I6x57+MAD9
npD0wdxRTutNSQzYJkmaZgLiliBRIqQq91huxup0z8W9pjPMA3cHWQB/rGVVmrFK
iwZgG8xGOu0=
=NkMF
-----END PGP SIGNATURE-----