Vulnerability Identifier: NR24-01
Priority: High
Summary
New Relic advises all customers using log forwarding instrumentation to update the following solutions:
- Linux Infrastructure Agent AND Fluent Bit
- Kubernetes Plugin
- Fluent Bit Output Plugin
New Relic has released new versions of these services to replace the recently announced vulnerable version of Fluent Bit (CVE-2024-4323). Each identified service has been updated to use Fluent Bit version 3.0.4, which was released to remediate the identified vulnerability.
Customers who are using the Infrastructure Agent but have disabled log forwarding are not impacted.
Action required
New Relic recommends that customers who use the log forwarding instrumentation (as identified below) immediately take the following actions:
Solution | Action Required
Windows Infrastructure Agent | Not impacted: the version of Fluent Bit embedded in the Windows Infrastructure Agent has been determined not to be affected by CVE-2024-4323.
Linux Infrastructure Agent | Upgrade the Infrastructure Agent to version 1.52.3 or later, AND update Fluent Bit to version 3.0.4 or later.
Kubernetes Plugin | Upgrade using either
Fluent Bit Output Plugin | Update to version 2.0.0.
New Relic has provided the following resources to assist with these updates:
- Update the Infrastructure Agent
- Update Fluent Bit with the Linux Infrastructure Agent
- Install the newest helm charts for the Kubernetes Plugin
- Install the Kubernetes integration
- Fluent Bit plugin for log forwarding
- Check the Fluent Bit versions being used on your host
- Check the Fluent Bit log forwarder version
New Relic has not identified any workarounds at this time.
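The version checks listed in the resources above, as an added example that is not New Relic's own tooling: a POSIX shell script that pulls the dotted version out of `fluent-bit --version` output and the Infrastructure Agent's version string, compares each numerically against the minimums this bulletin names (Fluent Bit 3.0.4, Infrastructure Agent 1.52.3), and reports whether an update is still required. The `newrelic-infra --version` flag and the wording of its output are assumptions; the sample strings in the comments are constructed.

```shell
#!/bin/sh
# Added example for NR24-01 (not New Relic's own tooling): compare the Fluent Bit
# and Linux Infrastructure Agent versions present on a host with the minimum
# versions the bulletin names.

MIN_FLUENT_BIT="3.0.4"
MIN_INFRA_AGENT="1.52.3"

# extract_version TEXT: print the first dotted x.y.z version found in TEXT,
# e.g. (constructed) "Fluent Bit v3.0.4" -> 3.0.4. Prints nothing if none is present.
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_ge A B: succeed when dotted version A is >= B, comparing numerically
# field by field (so 3.0.10 > 3.0.4, which a plain string comparison gets wrong).
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$1" | cut -d. -f"$i")
        y=$(printf '%s\n' "$2" | cut -d. -f"$i")
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# check_version NAME TEXT MIN: print NAME, the version found in TEXT and a verdict.
# Exit status: 0 = at or above MIN, 1 = update required, 2 = no version found.
check_version() {
    name="$1"; found=$(extract_version "$2"); min="$3"
    if [ -z "$found" ]; then
        printf '%s: no version found in "%s"\n' "$name" "$2"
        return 2
    fi
    if version_ge "$found" "$min"; then
        printf '%s: %s (>= %s) OK\n' "$name" "$found" "$min"
        return 0
    fi
    printf '%s: %s (< %s) UPDATE REQUIRED\n' "$name" "$found" "$min"
    return 1
}

# host_check: run both checks against the binaries on this host. The output of
# "fluent-bit --version" is Fluent Bit's own; "newrelic-infra --version" is assumed.
host_check() {
    rc=0
    if command -v fluent-bit >/dev/null 2>&1; then
        check_version "Fluent Bit" "$(fluent-bit --version 2>&1)" "$MIN_FLUENT_BIT" || rc=1
    else
        echo "Fluent Bit: binary not found on PATH"
    fi
    if command -v newrelic-infra >/dev/null 2>&1; then
        check_version "Infrastructure Agent" "$(newrelic-infra --version 2>&1)" "$MIN_INFRA_AGENT" || rc=1
    else
        echo "Infrastructure Agent: binary not found on PATH"
    fi
    return "$rc"
}

if host_check; then
    echo "NR24-01: no update required for the components found on this host"
else
    echo "NR24-01: at least one component needs the update described in this bulletin"
fi
```

Run the script on each Linux host that forwards logs; an "UPDATE REQUIRED" line means that host has not yet received the NR24-01 update. The numeric field-by-field comparison is the part worth keeping even if the rest is adapted to your own inventory tooling, since a lexical comparison would treat a future 3.0.10 as older than 3.0.4.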
Frequently Asked Questions
I am using the Infrastructure Agent but have disabled log forwarding. Am I impacted?
No, if log forwarding is disabled, the Infrastructure Agent will not run Fluent Bit and will not be impacted. However, New Relic recommends that you upgrade the agent regularly and check for updates at a minimum of every 3 months to ensure you are using a current version.
Additionally, New Relic recommends that all customers identify any other uses of Fluent Bit in their environments and update them to at least version 3.0.4.
Once I update to the latest versions of the listed log forwarding services, do I have to do anything else?
Yes, but only if you are running Infrastructure Agents on Linux hosts. If you are running the Linux Infrastructure Agent, you will also need to update Fluent Bit within your environment to version 3.0.4 or later.
No further configuration changes are required for the Kubernetes Plugin or the Fluent Bit Output Plugin after updating to the most recent versions, although New Relic recommends that you periodically check your configuration to make sure it matches your desired settings.
Supporting Release Notes
Infrastructure Agent Release Notes
Kubernetes Integration Release Notes
Fluent Bit Output Plugin Release Notes
Technical vulnerability information
Fluent Bit's Statement on CVE-2024-4323
Research Synopsis of CVE-2024-4323
Publication History
June 7, 2024 - NR24-01 Published