Tuesday, December 21, 2021

Security Onion 2.3.91 Now Available including Elastic 7.16.2 and Log4j 2.17.0!

We recently released Security Onion 2.3.90 and a few hotfixes:
https://blog.securityonion.net/2021/11/security-onion-2390-now-available.html
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-wazuh
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-airgapfix
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-20211206
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-20211210
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-20211213

Today, we are releasing Security Onion 2.3.91:
https://docs.securityonion.net/en/2.3/release-notes.html#changes

If you haven't updated recently, then you should review all links above so that you are aware of all recent changes.

Summary

Several vulnerabilities were recently announced in log4j:
https://logging.apache.org/log4j/2.x/security.html

We released an initial hotfix on 2021/12/10:
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-20211210

Elastic later released additional details:
https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476

We then released a second hotfix on 2021/12/13:
https://docs.securityonion.net/en/2.3/release-notes.html#hotfix-20211213

Today's 2.3.91 release updates to Elastic 7.16.2 which includes Log4j 2.17.0:
https://www.elastic.co/blog/new-elasticsearch-and-logstash-releases-upgrade-apache-log4j2

Known Upgrade Issues

Since we are moving from Elastic 7.15 to 7.16, please be aware that custom settings in Kibana may be overwritten during upgrade.

If soup displays the following message:

warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory

then you may need to run the following command:

sudo locale-gen en_US.UTF-8

For more information, please see:
https://github.com/Security-Onion-Solutions/securityonion/issues/6599

After soup completes, if you run a vulnerability scanner against the filesystem, it may find older versions of log4j in the older, unused Docker images. Soup always keeps the previous version of each Docker image, so these flagged images are not in use and will be removed automatically at the next Docker image update.
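One way to triage such scanner findings, as an added example that is not part of this announcement or the Security Onion project: compare the images on disk with the images actually backing running containers, so a finding can be tied to a retained previous-version image rather than a running one. The image names and IDs below are constructed samples, and the `docker images` / `docker ps` format strings are assumed to be the ones you would pass on a live node.

```shell
#!/bin/sh
# Added example (not Security Onion code): separate retained previous-version
# images from the images backing running containers. On a live node you would
# feed in real output:
#   stale_images "$(docker images --format '{{.Repository}}:{{.Tag}} {{.ID}}')" \
#                "$(docker ps --format '{{.Image}}')"
# Any log4j jar a filesystem scanner reports inside a stale image is in an
# unused image that the next Docker image update removes.

# Constructed sample of `docker images` output (repo:tag and IDs are made up).
SAMPLE_IMAGES='example/so-elasticsearch:2.3.91 aaa111
example/so-elasticsearch:2.3.90 bbb222
example/so-logstash:2.3.91 ccc333
example/so-logstash:2.3.90 ddd444'

# Constructed sample of `docker ps --format '{{.Image}}'` output.
SAMPLE_RUNNING='example/so-elasticsearch:2.3.91
example/so-logstash:2.3.91'

# stale_images IMAGES RUNNING
# Prints "repo:tag id" for every image on disk that no running container uses.
stale_images() {
    images="$1"
    running="$2"
    printf '%s\n' "$images" | while read -r ref id; do
        [ -z "$ref" ] && continue
        # Exact, whole-line match so 2.3.90 is not mistaken for 2.3.91.
        if ! printf '%s\n' "$running" | grep -qxF "$ref"; then
            printf '%s %s\n' "$ref" "$id"
        fi
    done
}

# in_use REF RUNNING: exit 0 if REF backs a running container, 1 otherwise.
in_use() {
    printf '%s\n' "$2" | grep -qxF "$1"
}

stale_images "$SAMPLE_IMAGES" "$SAMPLE_RUNNING"
```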

Internet-Connected Deployments

If your Security Onion deployment has Internet access, simply run "sudo soup" as described here:
https://docs.securityonion.net/en/2.3/soup.html

Airgap Deployments

If you have an airgap deployment, download the new ISO image from the usual location:
https://securityonion.net/download

Then follow the steps here:
https://docs.securityonion.net/en/2.3/airgap.html#security-onion-version-updates

Security Onion 16.04

If you are still running Security Onion 16.04, please note that it is past End Of Life. Please take this opportunity to upgrade to Security Onion 2:
https://docs.securityonion.net/en/2.3/appendix.html

Questions or Problems

If you have questions or problems, please see our community support forum guidelines:
https://docs.securityonion.net/en/2.3/community-support.html

You can then find the community support forum at:
https://securityonion.net/discuss
