We recently released Security Onion 2.3.90 and a few hotfixes:
https://blog.securityonion.net/2021/11/security-onion-2390-now-available.html
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-wazuh
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-airgapfix
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-20211206
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-20211210
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-20211213
Today, we are releasing Security Onion 2.3.91:
https://docs.securityonion.net/en/2.3/release-notes.html#changes
If you haven't updated recently, then you should review all links above so that you are aware of all recent changes.
Summary
Several vulnerabilities were recently announced in log4j:
https://logging.apache.org/log4j/2.x/security.html
We released an initial hotfix on 2021/12/10:
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-20211210
Elastic later released additional details:
https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
We then released a second hotfix on 2021/12/13:
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-20211213
Today's 2.3.91 release updates to Elastic 7.16.2 which includes Log4j 2.17.0:
https://www.elastic.co/blog/new-elasticsearch-and-logstash-releases-upgrade-apache-log4j2
Known Upgrade Issues
Since we are moving from Elastic 7.15 to 7.16, please be aware that custom settings in Kibana may be overwritten during upgrade.
If soup displays the following message:
warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory
then you may need to run the following command:
sudo locale-gen en_US.UTF-8
For more information, please see:
https://github.com/Security-Onion-Solutions/securityonion/issues/6599
After soup completes, if you run a vulnerability scanner against the filesystem, it may find older versions of log4j in the older unused Docker images. Soup updates always keep the previous version of Docker images, so these will automatically be removed at the next Docker image update.
Internet-Connected Deployments
If your Security Onion deployment has Internet access, simply run "sudo soup" as described here:
https://docs.securityonion.net/en/2.3/soup.html
Airgap Deployments
If you have an airgap deployment, download the new ISO image from the usual location:
https://securityonion.net/download
Then follow the steps here:
https://docs.securityonion.net/en/2.3/airgap.html#security-onion-version-updates
Security Onion 16.04
If you are still running Security Onion 16.04, please note that it is past End Of Life. Please take this opportunity to upgrade to Security Onion 2:
https://docs.securityonion.net/en/2.3/appendix.html
Questions or Problems
If you have questions or problems, please see our community support forum guidelines:
https://docs.securityonion.net/en/2.3/community-support.html
You can then find the community support forum at:
https://securityonion.net/discuss
No comments:
Post a Comment