Looking for documentation? Check out our new learning center!
AlienVault v4.5 Released! Download here

Patch release v4.2.3

juanmalsjuanmals Alien Overseer

Patch Release v4.2.3 is now available for your system.  Patch releases are intended to be minimally disruptive to your system and do not contain new functionality.  However, please read release notes and change log below and apply the patch during an appropriate service window.

Release Notes

4.2.3 - RN1 Updates to Address Security Advisory

Included in this release are improvements to the input validation routines used to cleanse particular parameters submitted by the event search form.  This addresses all issues found in the security advisory found <a target="_blank" href="http://forums.alienvault.com/discussion/1236/security-advisory-alienvault-ossim-v4-1">here</a>

4.2.2 - RN1 Policies for Directive Events

The interface for policy creation previously allowed the user to create policies that were not supported by the policy engine.  This only applied to policies for directive events; more conditions were available in the UI then the policy engine supported.  This means some users may have policies existing in their system that are not being completely enforced.  Take note of any policies for directive events that have 'source' and 'destination' as conditions.  The logic in these policies will have to be recreated, either by creating policies that filter the events that trigger the directive, or by adding the conditions to the directive itself. 

Change Log - AlienVault USM v4.2.3 only

- New events logged by the  the AlienVault Forwarder process

Change Log - AlienVault OSSIM v4.2.3 and AlienVault USM v4.2.3

- Fixed multiple issues when resending events to multiple servers
- Fixed a segmentation fault when closing the agent-server correlation
- Fixed a race condition during correlation process
- Fixed an SQL injection in the SIEM Forensic console
- Updated PHP and PERL software packages


  • fredrikfredrik Contactee
    edited June 2013
    Can someone describe -how- to apply this patch?  

    I just upgraded a cloud environment on AWS to 4.2.2, and after that this patch became available. But I don't see a way to apply it in the GUI since it says "system updated". And I can't get it working using CLI either. On a related side-note, even when I've thrown all available updates on AV-USM, the GUI still says "New updates available" in the lower left corner. Is this just a cosmetic bug or what?

    On another related side-note, in Alienvault Center, sometimes the available updates is listed as (0), sometimes (39), sometimes (49). It changes from hour to hour. What's up with that?
  • GibboGibbo Contactee
    I just applied this using "alienvault-update" on the command line. Worked like a dream. I was on 4.2.2 before I tried.
  • jbeitlerjbeitler UFO Spotter
    I have to agree with Fredrik on this one. 

    We are running two instances of OSSIM both of them are on 4.2.2 and when I do an update from the command line "alinevailt-update" it does nothing, they are both still on 4.2.2. Yet the Web interface keeps telling me there is a Patch Available. 

    Oddly enough one of them keeps reporting this
    "The following packages will be upgraded:
      alienvault-agent-generator alienvault-center alienvault-crosscorrelation-free
      alienvault-directives-free alienvault-dummy-database alienvault-dummy-sensor
      alienvault-dummy-server alienvault-idm alienvault-plugins ossim-agent ossim-cd-configs
      ossim-cd-tools ossim-compliance ossim-contrib ossim-database-migration ossim-downloads
      ossim-framework ossim-framework-daemon ossim-geoip ossim-menu-setup ossim-mysql
      ossim-osvdb ossim-repo-key ossim-server ossim-taxonomy ossim-utils snort-rules-default
    28 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    Need to get 166 MB of archives.
    After this operation, 4096 B of additional disk space will be used.
    WARNING: The following packages cannot be authenticated!
      alienvault-plugins alienvault-agent-generator ossim-agent ossim-database-migration
      alienvault-directives-free alienvault-crosscorrelation-free ossim-taxonomy
      ossim-server ossim-contrib ossim-utils snort-rules-default ossim-repo-key
      ossim-cd-configs alienvault-center ossim-cd-tools ossim-geoip suricata-rules-default
      alienvault-dummy-sensor ossim-framework-daemon ossim-compliance ossim-framework
      ossim-mysql alienvault-dummy-database alienvault-idm alienvault-dummy-server
      ossim-downloads ossim-menu-setup ossim-osvdb"

    I do have to say updates on AV are the most unreliable part of the whole thing. 
  • metzgermetzger Contactee

    I agree with Fredrik, that the patch 4.2.3 announcement is still displayed after upgrading running "alienvault-update".

    But checked by "dpkg -l" on the cli there are version 4.2.3 packages listed.

  • s_secures_secure Taken Aboard the Mothership
    iam getting with this news patch an high CPU usage all the time, some others users with this usses?
  • GuzmanDiazGuzmanDiaz UFO Spotter

    I'm updating the OSSIM since version 4.2.1 when finished I commented that this was :) and I have if any of these problems described.
  • cpconstantinecpconstantine Alien Embassador
    yeah, the patch announcement remains after its been updated. 
  • GuzmanDiazGuzmanDiaz UFO Spotter


    After the upgrade was left "Frozen" with that configuration, although I change the IP does not change in the GUI
  • fredrikfredrik Contactee
    s_secure said:
    iam getting with this news patch an high CPU usage all the time, some others users with this usses?
    Hello, I have noticed this too. But also on 4.2.2 and I think earlier as well (like 4.2.1). Can you check if you have the process "alienvault-setup" or maybe "ossim-setup" still running? 

Sign In or Register to comment.