Fixed issues: Vulnerabilities for Splunk v8.2.6.1 and v8.2.7 have now been fixed

by Riversafe

Splunk recently revealed a couple of vulnerabilities in Splunk Enterprise.

The issues relate to how Splunk universal forwarders publish forwarder bundles and could be used to execute arbitrary code on universal forwarders across the environment.

Here’s the Vendor Security Announcement: https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html

After initially releasing a fix for this issue in version 9.0.0, Splunk have since made further updates.

See the release notes for 8.2.6.1 and 8.2.7.

This will allow users of recent versions of Splunk v8 to update their systems without making the move to version 9.0.0.

Note: At the time of writing, 8th July 2022, there doesn’t seem to be any active exploitation of this vulnerability.

Fixed issues

Splunk Enterprise 8.2.6 was released on April 5, 2022. This release includes fixes for the following issues.

Issues are listed in all relevant sections. Some issues might appear more than once.

Search issues

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2022-02-17 | SPL-218248, SPL-219117, SPL-219118 | Exported CSV header uses LF as line break rather than CRLF at line end in Windows |
| 2022-02-16 | SPL-218333, SPL-217908 | Crashing thread: Bucket Summary Actor Thread for ES multiple Data model accelerations |
| 2022-02-14 | SPL-218307, SPL-202832 | export of search results to json or csv fails. Output file contains “414 Request-URI Too Long” |
| 2022-02-02 | SPL-218250, SPL-216764 | Event search with sub search using earliest/latest will return less/no results as the values for earliest/latest are searched for in the index |

Saved search, alerting, scheduling, and job management issues

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2022-02-16 | SPL-218333, SPL-217908 | Crashing thread: Bucket Summary Actor Thread for ES multiple Data model accelerations |
| 2022-02-02 | SPL-217701, SPL-216799 | Triggered alerts are not displayed correctly in ‘Triggered Alerts’ after restart if one triggered alert is deleted |

Charting, reporting, and visualization issues

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2022-02-15 | SPL-218996, SPL-207039 | Single Value Visualization on Dashboard displays smaller font |

Data model and pivot issues

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2022-02-16 | SPL-218333, SPL-217908 | Crashing thread: Bucket Summary Actor Thread for ES multiple Data model accelerations |

Indexer and indexer clustering issues

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2022-02-08 | SPL-216424, SPL-214350 | Search process accumulation on indexers, due to impaired reuse and clean up of search processes, under extremely high incoming search request rates. |

Distributed search and search head clustering issues

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2022-02-15 | SPL-216618, SPL-218407, SPL-219070 | Too many Exception while processing request after upgrade from 8.0.7 to 8.2.2 |

Splunk Web and interface issues

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2022-02-08 | SPL-215546, SPL-218247 | timeout values are not displayed under ‘Timeout settings’ on ‘Distributed search setup’ page |

Uncategorized issues

| Date resolved | Issue number | Description |
| --- | --- | --- |
| 2022-04-27 | SPL-222658 | List of third-party software incorrectly specifies zlib version 1.2.8 instead of version 1.2.11 |
| 2022-02-15 | SPL-218997, SPL-215756 | Splunk dashboard (Classic) – text within a single value / trellis displays becomes unreadable on auto-refresh in non-full screen mode |
| 2022-02-09 | SPL-218175, SPL-200514 | KV Store backup/restore size limit is much lower than storage size limit |
| 2022-02-07 | SPL-218453, SPL-216068 | Can not use field alias when searching virtual index |
| 2022-01-26 | SPL-217630, SPL-211991 | deployer errors when special characters like @ and # appear in the app names |
| 2022-01-18 | SPL-217246, SPL-215556 | Splunk Enterprise – when httpout is configured on Splunk Enterprise, splunkd should return a failure |