The CVE-2015-3222 vulnerability, which allows for root escalation via syscheck has been fixed in OSSEC 2.8.2. Full details of the issue can be found on the OSSEC Github repository – https://github.com/ossec/ossec-hids/releases/tag/2.8.2.
OSSEC 2.8.1 has been released to address the security issue identified by Jeff Petersen of Roka Security LLC. Full details of the issue can be found on the OSSEC Github repository – https://github.com/ossec/ossec-hids/releases/tag/2.8.1.
The recently disclosed CVE-2014-0160 vulnerability – heartbleed read overrun – in OpenSSL may impact OSSEC installations where OSSEC was deployed with OpenSSL support, either when built from source or installed from RPMs. In particular this issue leaves ossec-authd open to attack.
OSSEC