Monday, December 13, 2021

Security Onion 2.3.90 20211213 Hotfix Now Available to Fully Mitigate All Known log4j Attack Vectors!

We recently released Security Onion 2.3.90 and a few hotfixes:

Today, we are releasing an additional hotfix:

If you haven't updated recently, then you should review all links above so that you are aware of all recent changes.


A vulnerability was recently announced in log4j:

We released an initial hotfix on Friday:

Elastic later released additional details:

Today's hotfix addresses all known attack vectors for the log4j vulnerability by fully removing the JndiLookup class.

UPDATE 2021/12/14 An additional CVE was announced:

The recommended mitigation for this new CVE is to remove the JndiLookup class, which this 20211213 hotfix already does.

UPDATE 2021/12/16 If you scan with a vulnerability scanner that only looks at version numbers, it may still report log4j as vulnerable, because we kept the existing version numbers but removed the vulnerable JndiLookup class. Also, some scanners may flag elasticsearch-sql-cli-7.15.2.jar, but there is no attack vector here according to Elastic:

This tool is standalone (NOT part of the server), for running ad-hoc SQL interactions. The tool does NOT accept external user input. The mere presence of the JndiLookup.class is not problematic here, but it looks interesting and could lead to confusion for scanners.

UPDATE 2021/12/20 Elastic released 7.16.2 yesterday with updated Log4j 2.17.0, primarily to avoid false positives in vulnerability scanners. We are currently looking into this version. Updating to new Elastic containers will require a full release (not just a hotfix), so it will take some time.
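The 2021/12/16 note above is the crux for anyone auditing a hotfixed box: the jar's version string is unchanged, so only the contents tell you whether the mitigation is in place. The following is an added example (not Security Onion's own code or the hotfix script) that checks a log4j-core jar for JndiLookup.class next to the version a scanner would read from the file name, and shows the class-removal step the hotfix performs. The jar it builds is a constructed stand-in with placeholder bytes, not real log4j bytecode.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# The hotfix keeps the jar's version string but deletes this class, so the
# class's presence, not the version, is the signal worth checking.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
VERSION_RE = re.compile(r"log4j-core-(\d+\.\d+\.\d+)\.jar$")

def scan_jar(jar: Path) -> dict:
    """Report what a version-only scanner sees next to what the jar actually contains."""
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
    m = VERSION_RE.search(jar.name)
    return {"version": m.group(1) if m else None, "has_jndilookup": JNDI_LOOKUP in names}

def strip_jndilookup(src: Path, dst: Path) -> int:
    """Copy src to dst without JndiLookup.class; returns the number of entries dropped."""
    removed = 0
    with zipfile.ZipFile(src) as zin, zipfile.ZipFile(dst, "w", zipfile.ZIP_DEFLATED) as zout:
        for info in zin.infolist():
            if info.filename == JNDI_LOOKUP:
                removed += 1
                continue
            zout.writestr(info, zin.read(info.filename))
    return removed

def make_sample_jar(path: Path, include_jndi: bool) -> Path:
    """Constructed stand-in for a log4j-core jar; entries are placeholder bytes, not bytecode."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("org/apache/logging/log4j/core/lookup/StrLookup.class", b"\xca\xfe\xba\xbe")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
    return path

def demo() -> tuple:
    """Build a sample jar with the class present, strip it as the hotfix does, scan both."""
    work = Path(tempfile.mkdtemp())
    (work / "patched").mkdir()
    before = make_sample_jar(work / "log4j-core-2.11.1.jar", include_jndi=True)
    after = work / "patched" / "log4j-core-2.11.1.jar"  # same file name, same version string
    strip_jndilookup(before, after)
    return scan_jar(before), scan_jar(after)

if __name__ == "__main__":
    print(demo())
```

On a real deployment, point `scan_jar` at the log4j-core jar inside the Elastic containers; a result with `has_jndilookup` False and an old version string is exactly the version-only scanner false positive the update describes.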

Internet-Connected Deployments

If your Security Onion deployment has Internet access, simply run "sudo soup" as described here:

Airgap Deployments

If you have an airgap deployment, download the new ISO image from the usual location:

Then follow the steps here:

Security Onion 16.04

If you are still running Security Onion 16.04, please note that it is past End Of Life. Please take this opportunity to upgrade to Security Onion 2:

Questions or Problems

If you have questions or problems, please see our community support forum guidelines:

You can then find the community support forum at:
