Fixed issues: Vulnerabilities for Splunk v8.2.6.1 and v8.2.7 have now been fixed

by Riversafe

Splunk recently revealed a couple of vulnerabilities in Splunk Enterprise.

The issues relate to how Splunk universal forwarders publish forwarder bundles and could be used to execute arbitrary code on universal forwarders across the environment.

Here’s the Vendor Security Announcement – https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html

After initially releasing a fix for this issue in version 9.0.0, Splunk has since made further updates.

See the 2.6.1 release notes and the 2.7 release notes.

This will allow users of recent versions of Splunk v8 to update their systems without making the move to version 9.0.0.

Note: At the time of writing, 8th July 2022, there doesn’t seem to be any active exploitation of this vulnerability.
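A version triage for the fixed releases named above, as an added example that is not part of the original article or of Splunk's own tooling. It assumes `splunk version` prints a line of the form `Splunk 8.2.6 (build ...)`, treats later 8.2.x maintenance releases as carrying the fix, and uses constructed host names and build ids; the vendor announcement remains the authority on affected versions.

```python
import re

# Fixed releases named in the article: 9.0.0, and on the 8.2 line 8.2.6.1 and 8.2.7.
FIXED_9 = (9, 0, 0, 0)
FIXED_8_2 = (8, 2, 6, 1)

# Assumed output shape of `splunk version` (Enterprise or universal forwarder).
VERSION_RE = re.compile(
    r"^Splunk(?: Universal Forwarder)? (\d+(?:\.\d+){1,3}) \(build [0-9a-f]+\)$"
)

# Constructed inventory: host name -> line collected from `splunk version`.
INVENTORY = {
    "ds01": "Splunk 8.2.6 (build 000000000000)",
    "idx01": "Splunk 8.2.6.1 (build 000000000000)",
    "sh01": "Splunk 9.0.0 (build 000000000000)",
    "uf-web1": "Splunk Universal Forwarder 8.1.9 (build 000000000000)",
    "uf-db1": "Splunk Universal Forwarder 8.2.7 (build 000000000000)",
    "legacy": "version unknown",
}


def parse_version(line):
    """Return the version as a 4-tuple of ints, or None if the line is not recognised."""
    m = VERSION_RE.match(line.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad so that 8.2.6 compares as 8.2.6.0, i.e. below 8.2.6.1.
    return parts + (0,) * (4 - len(parts))


def triage(line):
    """Classify one version line as 'fixed', 'update' or 'unparsed'."""
    v = parse_version(line)
    if v is None:
        return "unparsed"
    if v >= FIXED_9:
        return "fixed"
    # Only the 8.2 line is named as patched; older v8 branches fall through to 'update'.
    if v[:2] == (8, 2) and v >= FIXED_8_2:
        return "fixed"
    return "update"


def needs_attention(inventory):
    """Hosts that are not confirmed to be on a fixed release, sorted by name."""
    return sorted(h for h, line in inventory.items() if triage(line) != "fixed")
```

Hosts reported as `unparsed` are kept in the attention list on purpose, so an unreadable version string is never counted as patched.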

Fixed issues

Splunk Enterprise 8.2.6 was released on April 5, 2022. This release includes fixes for the following issues.

Issues are listed in all relevant sections. Some issues might appear more than once.

Search issues

Date resolved | Issue number | Description
2022-02-17 | SPL-218248, SPL-219117, SPL-219118 | Exported CSV header uses LF as line break rather than CRLF at line end in Windows
2022-02-16 | SPL-218333, SPL-217908 | Crashing thread: Bucket Summary Actor Thread for ES multiple Data model accelerations
2022-02-14 | SPL-218307, SPL-202832 | export of search results to json or csv fails. Output file contains “414 Request-URI Too Long”
2022-02-02 | SPL-218250, SPL-216764 | Event search with sub search using earliest/latest will return less/no results as the values for earliest/latest are searched for in the index

Saved search, alerting, scheduling, and job management issues

Date resolved | Issue number | Description
2022-02-16 | SPL-218333, SPL-217908 | Crashing thread: Bucket Summary Actor Thread for ES multiple Data model accelerations
2022-02-02 | SPL-217701, SPL-216799 | Triggered alerts are not displayed correctly in ‘Triggered Alerts’ after restart if one triggered alert is deleted

Charting, reporting, and visualization issues

Date resolved | Issue number | Description
2022-02-15 | SPL-218996, SPL-207039 | Single Value Visualization on Dashboard displays smaller font

Data model and pivot issues

Date resolved | Issue number | Description
2022-02-16 | SPL-218333, SPL-217908 | Crashing thread: Bucket Summary Actor Thread for ES multiple Data model accelerations

Indexer and indexer clustering issues

Date resolved | Issue number | Description
2022-02-08 | SPL-216424, SPL-214350 | Search process accumulation on indexers, due to impaired reuse and clean up of search processes, under extremely high incoming search request rates.

Distributed search and search head clustering issues

Date resolved | Issue number | Description
2022-02-15 | SPL-216618, SPL-218407, SPL-219070 | Too many Exception while processing request after upgrade from 8.0.7 to 8.2.2

Splunk Web and interface issues

Date resolved | Issue number | Description
2022-02-08 | SPL-215546, SPL-218247 | timeout values are not displayed under ‘Timeout settings’ on ‘Distributed search setup’ page

Uncategorized issues

Date resolved | Issue number | Description
2022-04-27 | SPL-222658 | List of third-party software incorrectly specifies zlib version 1.2.8 instead of version 1.2.11
2022-02-15 | SPL-218997, SPL-215756 | Splunk dashboard (Classic) – text within a single value / trellis displays becomes unreadable on auto-refresh in non-full screen mode
2022-02-09 | SPL-218175, SPL-200514 | KV Store backup/restore size limit is much lower than storage size limit
2022-02-07 | SPL-218453, SPL-216068 | Can not use field alias when searching virtual index
2022-01-26 | SPL-217630, SPL-211991 | deployer errors when special characters like @ and # appear in the app names
2022-01-18 | SPL-217246, SPL-215556 | Splunk Enterprise – when httpout is configured on Splunk Enterprise, splunkd should return a failure