Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mitigations for CVE-2021-44228 (log4shell) #68

Closed
mmguero opened this issue Dec 14, 2021 · 1 comment
Closed

mitigations for CVE-2021-44228 (log4shell) #68

mmguero opened this issue Dec 14, 2021 · 1 comment
Assignees
@mmguero
Labels
external Depends on a bug or feature external to this project logstash Relating to Malcolm's use of Logstash opensearch Relating to Malcolm's use of OpenSearch security Related to issues with bearing on the security of Malcolm itself

Comments

@mmguero
Copy link
Collaborator

mmguero commented Dec 14, 2021

CVE-2021-44228 / Log4Shell

As elasticsearch and logstash use log4j, we need to mitigate this vulnerability until the upstream tools are updated to the new non-vulnerable versions.

See mmguero-dev/Malcolm@564bbad and mmguero-dev/Malcolm@7bae8ee
@mmguero mmguero added opensearch Relating to Malcolm's use of OpenSearch external Depends on a bug or feature external to this project logstash Relating to Malcolm's use of Logstash security Related to issues with bearing on the security of Malcolm itself labels Dec 14, 2021
@mmguero mmguero self-assigned this Dec 14, 2021
@mmguero mmguero closed this as completed Dec 14, 2021
@mmguero
Copy link
Collaborator Author

mmguero commented Dec 14, 2021
edited
Loading

See:

Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31

Important: Update to OpenSearch 1.2.1

@mmguero mmguero mentioned this issue Dec 14, 2021
Merged
mmguero added a commit to cisagov/Malcolm that referenced this issue Dec 14, 2021
@mmguero
Malcolm v5.0.1 development (#180)
b59e237 
Malcolm v5.0.1 is a patch release with minor bug and security fixes.

* Bugs addressed:
  *  Very large pcaps don't get proccesed idaholab#44
  *  pcap files with colon (:) in the name don't process correctly idaholab#2
  *  turning off AUTO_TAG feature disables tagging altogether idaholab#12
  *  recent debinterfaces release broke configure-interfaces.py idaholab#48
  *  opensearch indexes in yellow state idaholab#67
  *  arkime capture gives mlockall_init() warning on startup idaholab#66

* Security vulnerabilities addressed:
  * mitigations for CVE-2021-44228 (log4shell) idaholab#68

* Other
  * bumped Arkime from [v3.1.1 to v3.2.0](https://github.com/arkime/arkime/blob/v3.2.0/CHANGELOG#L25-L40)
  * bumped OpenSearch to [v1.2.1](https://opensearch.org/blog/releases/2021/12/update-to-1-2-1/)
  * switched from [elasticsearch](https://pypi.org/project/elasticsearch-dsl/) to [opensearch](https://pypi.org/project/opensearch-dsl/) python client libraries
  * write contributor's guide for source code contributions/modifications idaholab#25
  * handle new fields in ethernet/IP logs (cisagov/icsnpp-enip@c4ae505)
  * use more recognizable dashboards logo for OpenSearch dashboards launcher in Malcolm ISO
  * include patches used to build Arkime Dockerfile when building Arkime for hedgehog as well
  * build Zeek spicy analyzers from their various repos rather than the zeek/spicy-analyzer meta-repo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
external Depends on a bug or feature external to this project logstash Relating to Malcolm's use of Logstash opensearch Relating to Malcolm's use of OpenSearch security Related to issues with bearing on the security of Malcolm itself
Projects
Malcolm
Status: Released
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mmguero