Friday, December 10, 2021

Security Onion 2.3.90 20211210 Hotfix Now Available to Mitigate log4j Vulnerability!

We recently released Security Onion 2.3.90 and a few hotfixes:

Today, we are releasing an additional hotfix:

If you haven't updated recently, then you should review all links above so that you are aware of all recent changes.

A vulnerability was recently announced in log4j:

The following components have vulnerable versions of log4j:

  • Elasticsearch
  • Logstash
  • TheHive/Cortex (which ship their own separate Elasticsearch instance)

For Elasticsearch, Logstash, and the Elasticsearch instance for TheHive/Cortex, we've added the log4j2.formatMsgNoLookups=true option to disable the vulnerable code. It should be noted that TheHive/Cortex includes log4j 2.9.1 but NOT log4j-core-2.9.1.jar, which is the JAR that contains the JNDI lookup code. Instead, TheHive and Cortex utilize the simple logging facade via log4j-to-slf4j-2.9.1.jar and that library does NOT contain the vulnerable JNDI lookup code.
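To verify the same two points on a running box, here is an added example (not Security Onion's own code): it inventories log4j JARs under a directory, reports whether each one actually ships the JndiLookup class that only log4j-core contains, and checks a JVM command line for the log4j2.formatMsgNoLookups property passed as a -D system property. The sample JARs, their dummy contents and the command lines are constructed for the demo; the class path is the known location of the JNDI lookup inside log4j-core.

```python
import os
import re
import tempfile
import zipfile

# Only log4j-core ships the class behind ${jndi:...} lookups; the
# log4j-to-slf4j facade that TheHive/Cortex use does not.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J_JAR = re.compile(r"^log4j-(?P<artifact>[a-z0-9-]+?)-(?P<version>\d+(\.\d+)+)\.jar$")

def inspect_jar(path):
    """Return (artifact, version, has_jndi_lookup), or None if not a log4j JAR."""
    match = LOG4J_JAR.match(os.path.basename(path))
    if not match:
        return None
    with zipfile.ZipFile(path) as jar:
        has_jndi = JNDI_LOOKUP_CLASS in jar.namelist()
    return match.group("artifact"), match.group("version"), has_jndi

def scan_tree(root):
    """Map every log4j JAR under root to its inspection result."""
    found = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            result = inspect_jar(path) if name.endswith(".jar") else None
            if result is not None:
                found[path] = result
    return found

def mitigation_set(jvm_cmdline):
    """True if the JVM command line carries the property the hotfix adds."""
    return "-Dlog4j2.formatMsgNoLookups=true" in jvm_cmdline.split()

def demo():
    """Build two constructed JARs (dummy class bytes) and run both checks."""
    root = tempfile.mkdtemp()
    with zipfile.ZipFile(os.path.join(root, "log4j-core-2.9.1.jar"), "w") as jar:
        jar.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(os.path.join(root, "log4j-to-slf4j-2.9.1.jar"), "w") as jar:
        jar.writestr("org/apache/logging/slf4j/Log4jLogger.class", b"\xca\xfe\xba\xbe")
    jars = {artifact: (version, jndi) for artifact, version, jndi in scan_tree(root).values()}
    return {
        "jars": jars,
        "mitigated": mitigation_set("java -Dlog4j2.formatMsgNoLookups=true -jar logstash.jar"),
        "unmitigated": mitigation_set("java -jar logstash.jar"),
    }
```

On a real host, point scan_tree at the Elasticsearch, Logstash and TheHive/Cortex install directories and feed mitigation_set the command line of each Java process; a JAR whose version predates the hotfix but lacks JndiLookup.class is the log4j-to-slf4j case described above.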

UPDATE 2021/12/13: We've released an additional hotfix that more fully addresses all known log4j attack vectors:

Internet-Connected Deployments

If your Security Onion deployment has Internet access, simply run "sudo soup" as described here:

Airgap Deployments

If you have an airgap deployment, download the new ISO image from the usual location:

Then follow the steps here:

Security Onion 16.04

If you are still running Security Onion 16.04, please note that it is past End Of Life. Please take this opportunity to upgrade to Security Onion 2:

Questions or Problems

If you have questions or problems, please see our community support forum guidelines:

You can then find the community support forum at:
