Final status: Splunk and the Heartbleed vulnerability
Dear Splunk users,
We’re expecting this to be our final blog post about how we’re handling the Heartbleed OpenSSL vulnerability (CVE-2014-0160). For background, here are the previous installments from us:
What’s been done, products and services
We’ve updated and secured our products and services as follows:·
- Splunk Enterprise: We delivered a fixed version of our Splunk Enterprise software, as well as patches for the currently shipping versions. Refer to http://blogs.splunk.com/2014/04/10/fix-now-available-splunk-and-the-heartbleed-vulnerability/ this post for the links.
- Splunk Cloud offerings: As stated in http://blogs.splunk.com/2014/04/09/splunk-and-the-heartbleed-ssl-vulnerability/, our Splunk Storm and Splunk Cloud services were both secured last week.
- Bugsense (a Splunk company): We have secured the Bugsense service as described in this blog post: http://blog.bugsense.com/post/82717545967/bugsenses-actions-to-address-the-heartbleed-issue
- Cloudmeter (a Splunk company): The
Fix now available: Splunk and the Heartbleed vulnerability
Dear Splunk users,
This is an update to yesterday’s post on our handling of the OpenSSL Heartbleed vulnerability. Thank you again for your patience and understanding as we spent the necessary time to prepare and test our fix for this important issue. As I mentioned yesterday, we are working hard to balance getting the fix out to you as quickly as possible while still spending sufficient time testing it to ensure a high quality delivery.
Take me to the fix!
As of now, Splunk Enterprise 6.0.3 is now available for download. This includes universal forwarder builds.
This release contains two fixes for vulnerabilities in OpenSSL:
- CVE-2014-0160 – OpenSSL 1.0.1 TLS Heartbeat leaks sensitive information (also known as the “Heartbleed”
Splunk and the Heartbleed SSL vulnerability
(Update: we’ve posted a fix for this issue, see http://blogs.splunk.com/2014/04/10/fix-now-available-splunk-and-the-heartbleed-vulnerability/.)
Dear Splunk users,
As you’re likely aware, a significant vulnerability in OpenSSL, which the security community is calling the “Heartbleed” vulnerability, was discovered and publicized earlier this week. This is not a bug in code that Splunk produced, but rather in a component of a package that is in common use throughout the software industry.
The purpose of this blog post is to inform you about what Splunk is doing to address this issue. For more detailed information about the vulnerability itself, refer to http://heartbleed.com.
Here’s what you need to know:
What versions of Splunk are affected?
- Splunk Enterprise versions 6.0, 6.0.1, and 6.0.2 are affected. This includes
That happened: episode 39
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: Splunk results on your iPad–or anywhere, bromance is in the air, you may want to go back to college, gems from the tip jar:
Do you use statusboard on your iPad?
Starcher wrote a cool thing!
This makes me think of another “get your Splunk on anywhere your iDevice is” project, the Splunk Everywhere utility written by David Carasso. Check out his blog post about it here: http://blogs.splunk.com/2014/01/29/splunk-alerts-and-charts-on-your-iphone/
Jeffums (aka DaGryph) makes …
That happened: episode 38
HAPPY NEW YEAR from “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel. This week: Who are these weirdos and what do they want you to know, externally bloggy hotness, Splunk and your family, highlighting a rockstar in our midst.
I wish I’d known that when….
Denizens of the #splunk IRC channel have begun keeping a page of tips and gotchas for the benefit of those who follow in their (epic) footsteps:
Want to know who these folks are? Check our IRC page: http://wiki.splunk.com/Community:IRC
More excellent Splunk nerdery can be found here at #splunk inhabitant George Starcher’s blog:
I LOVE children…I just can’t eat a whole one
Several #splunk denizens have sprogged …
Syracuse University’s iSchool IT Girls want to change the world with data
This past Veteran’s Day weekend, I was in Syracuse, NY with fellow Splunker Christy Wilson, attending the 3rd annual IT Girls overnight retreat at Syracuse University’s iSchool. One of the goals of the retreat is to introduce the 100 selected high school girls from around the US to technology concepts, and to inspire them to pursue careers either in, or related to technology–but we were the ones who came away inspired.
The girls travel to the event from all over the country. Most are from neighboring cities including New York, Philadelphia, and the DC area, but the event is expanding its reach–some attendees were from further afield, coming from Texas and Georgia. Some parents also traveled to Syracuse …
That happened: episode 37
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel: the Joy of Splunking, discovering the nerds are all around you, a panel of experts:
#splunk can be our little secret…
ElSplunk discovers the Joy of mvcount:
<ElSplunk> i have a value in the format [a,b,c,d.....] - I need to count the delimited entries in this.. any straightforward function??
<madscient> ElSplunk: mvcount(split(foo,”,”))
<madscient> ElSplunk: more precisely - | eval count=mvcount(split(foo,”,”))
<ElSplunk> thanks awesome @ madscient
<madscient> ElSplunk: np. any typos included at no additional charge.
<duckfez> madscient: they aren’t mistakes – just happy little syntactical accidents
That happened: episode 36
This week in “That happened: notes from #splunk”, a blog about the goings-on in the Splunk IRC channel:
And first, a message from our sponsor*:
- Today is the deadline to nominate for the Splunk Revolution Awards! Nominate yourself or someone else in one of 5 categories! Win money, fame, and glory!
- If you’re a #splunk or Answers denizen and will be attending .conf, contact me about getting on the guest list for our exclusive Answers/IRC party! Best way to contact me is to join us in #splunk IRC on EFNET and ask for piebob.
- Speaking of .conf, GET REGISTERED! 100+ sessions of real-world use cases, implementation details, and best practices await you. This is not your
That happened: episode 35
.conf 2013 is around the corner!
Some important details:
- We’ve been working on the big party–not going to spoil the surprise, but it is going to be AWESOME!
- Answers will be represented again this year by Splunk Support at the Answers desk, stop by to get in-person support and answers to your Splunk questions!
- Your Answers karma can take you to .conf 2013…
- ..and your app can win you up to $10k in cash!
- Got a cool use case? Nominate yourself for a Splunk Revolution Award!
…And in the dorkness…
That happened: episode 34
Addiction or codependence?
Either way, #splunk = support group
*** jtrucks has joined #splunk
<jtrucks> I was having withdrawal.
<kkolb> hi jtrucks
<jtrucks> amrit|wrk: yes
<@amrit|wrk> that’s why the download’s free
<jtrucks> that first … always is :
<jtrucks> come on, it’s 500MB free!
<jtrucks> you can do it
<jtrucks> everyone is doin’ it.
<@amrit|wrk> and 500mb …