CVE-2021-44228 Statement for SELKS Users
On December 10, 2021, NIST published a Common Vulnerabilities and Exposures (CVE) alert identifying a vulnerability in the Java logging library Apache Log4j which can result in full server takeover. This critical alert - CVE-2021-44228 - applies to Java applications that use this library.
You may read more in these online resources:
This library is used by several components of the ELK stack (Elasticsearch, Logstash and Kibana) which are embedded in SELKS.
The developers of the ELK stack, Elastic, have determined that Logstash and Elasticsearch do contain this vulnerability, and they have included a fix in their ELK version 7.16.1. You can read more here: https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
Update your SELKS
Either visit our discord channel - https://discord.com/channels/911231224448712714/911238451842666546/920436967165001759
Our research team has concluded that there is very little risk of an exploit of Logstash and Elasticsearch in SELKS. However, out of an abundance of caution we are recommending all users upgrade.
Upgrading SELKS
Here are the instructions for updating your SELKS deployment:
In a terminal execute: selks-upgrade_stamus
Accept and confirm the new configs - elasticsearch.yml and logstash.yml during the upgrade process.
Confirm that the ELK stack is upgraded to 7.16.1 with the terminal command: selks-health-check_stamus
For SELKS on Docker Users
SELKS docker comes by default with the ELK stack version 7.16.1
For more information and examples of how to set up, please refer to the SELKS docker wiki
https://github.com/StamusNetworks/SELKS/wiki/Docker#installation
If you are already running SELKS on docker, you can upgrade the containers to a fixed version. To do so, simply run from the docker directory:
git pull
docker-compose pull
docker-compose stop
docker-compose up
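Both upgrade paths above end with the same question: is the Elasticsearch that is now running actually at or above the fixed 7.16.1 release? selks-health-check_stamus answers that for a native install; the script below is an added example (it is not part of the SELKS advisory or of the Stamus tooling) that checks the same thing from the Elasticsearch REST root endpoint, so it also works for SELKS on docker once the containers are back up. It assumes Elasticsearch answers on http://localhost:9200 (override with ES_URL) and that curl is available; the two JSON replies embedded in it are constructed samples for trying the parser without a running stack.

```shell
#!/bin/sh
# Added example, not from the SELKS advisory: confirm the running Elasticsearch
# is at or above the release that carries the log4j fix (7.16.1).
# Assumes Elasticsearch listens on http://localhost:9200 unless ES_URL is set.

FIXED_VERSION="7.16.1"

# Pull "number": "x.y.z" out of the Elasticsearch root-endpoint JSON read from
# stdin. The root reply has a single "number" key (under "version"), and the
# sed expression matches whether the JSON is compact or pretty-printed.
es_version_from_json() {
    sed -n 's/.*"number"[[:space:]]*:[[:space:]]*"\([0-9][0-9.]*\)".*/\1/p' | head -n 1
}

# Return 0 (true) when dotted version $1 >= $2, comparing the first three
# numeric fields; a missing field counts as 0, so "8.0" >= "7.16.1" holds.
version_ge() {
    v1="$1"; v2="$2"
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s' "$v1" | cut -d. -f"$i")
        b=$(printf '%s' "$v2" | cut -d. -f"$i")
        a=${a:-0}; b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Check one root-endpoint reply (passed as $1) against FIXED_VERSION.
# Exit status: 0 fixed, 1 still vulnerable version, 2 reply not understood.
check_es_json() {
    found=$(printf '%s\n' "$1" | es_version_from_json)
    if [ -z "$found" ]; then
        echo "could not read an Elasticsearch version from the reply" >&2
        return 2
    fi
    if version_ge "$found" "$FIXED_VERSION"; then
        echo "Elasticsearch $found: at or above $FIXED_VERSION, log4j fix included"
        return 0
    fi
    echo "Elasticsearch $found: below $FIXED_VERSION, upgrade required" >&2
    return 1
}

# Query the live instance: a native SELKS install, or SELKS on docker with
# port 9200 published on the host.
check_live_es() {
    reply=$(curl -s --max-time 5 "${ES_URL:-http://localhost:9200}") || return 2
    check_es_json "$reply"
}

# Constructed sample replies (not captured from a real SELKS host).
SAMPLE_FIXED='{"name":"selks","version":{"number":"7.16.1","lucene_version":"8.10.1"},"tagline":"You Know, for Search"}'
SAMPLE_OLD='{"name":"selks","version":{"number":"7.15.2","lucene_version":"8.9.0"},"tagline":"You Know, for Search"}'

# Run with --live to query the running stack; without it only the sample
# replies are evaluated.
if [ "${1:-}" = "--live" ]; then
    check_live_es
else
    check_es_json "$SAMPLE_FIXED"
    check_es_json "$SAMPLE_OLD"
fi
```

Run it as `sh check_es_version.sh --live` after the upgrade (or after `docker-compose up` has brought the containers back); a non-zero exit means the stack either still reports a pre-7.16.1 Elasticsearch or could not be reached, and should be treated as "not yet upgraded". The parser deliberately avoids jq so it runs on a minimal SELKS host.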