Friday, December 10, 2021

Security Onion 2.3.90 20211210 Hotfix Now Available to Mitigate log4j Vulnerability!

We recently released Security Onion 2.3.90 and a few hotfixes:

Today, we are releasing an additional hotfix:

If you haven't updated recently, then you should review all links above so that you are aware of all recent changes.

A vulnerability was recently announced in log4j:

The following components have vulnerable versions of log4j:

  • Elasticsearch
  • Logstash
  • TheHive/Cortex have a separate Elasticsearch instance

For Elasticsearch, Logstash, and the Elasticsearch instance for TheHive/Cortex, we've added the log4j2.formatMsgNoLookups=true option to disable the vulnerable code. It should be noted that TheHive/Cortex includes log4j 2.9.1 but NOT log4j-core-2.9.1.jar, which is the JAR that contains the JNDI lookup code. Instead, TheHive and Cortex utilize the simple logging facade via log4j-to-slf4j-2.9.1.jar and that library does NOT contain the vulnerable JNDI lookup code.

UPDATE 2021/12/13 We've released an additional hotfix that more fully addresses all known log4j attack vectors:

Internet-Connected Deployments

If your Security Onion deployment has Internet access, simply run "sudo soup" as described here:

Airgap Deployments

If you have an airgap deployment, download the new ISO image from the usual location:

Then follow the steps here:

Security Onion 16.04

If you are still running Security Onion 16.04, please note that it is past End Of Life. Please take this opportunity to upgrade to Security Onion 2:

Questions or Problems

If you have questions or problems, please see our community support forum guidelines:

You can then find the community support forum at:

No comments:

Search This Blog

Featured Post

Security Onion 2.4.70 now available including our new Detections interface and much more!

Security Onion 2.4.70 is now available! It includes some new features for our fellow defenders including our new Detections interface to hel...

Popular Posts

Blog Archive