Splunk 5.0, which was released on October 30th, 2012, updates to Python version 2.7.3 in order to address the vulnerabilities described in CVE-2012-0876 (cve.mitre.org) and CVE-2012-1150 (cve.mitre.org).
Splunk would like to credit Tommie Giles with reporting that Splunk was vulnerable to CVE-2012-0876.
Splunk also would like to credit Alexander Klink of n.runs AG with reporting to us that Splunk was vulnerable to CVE-2012-1150.
What is Python?
Python is an interpreted, object-oriented, high-level programming language.
How does Splunk use Python?
Splunk ships with a Python interpreter that it uses for several web and application services.
Who is affected?
This notification applies to you if you are using any version of Splunk (2.x, 3.x, or 4.x) prior to version 5.0. Previous versions of Splunk utilized versions of the Python interpreter that were vulnerable to these issues.
What should I do if I am affected?
Splunk recommends that customers upgrade to version 5.0 at their first opportunity.