FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

elasticsearch -- security fix for shared file-system repositories

Affected packages
1.0.0 <= elasticsearch < 1.6.0

Details

VuXML ID 23232028-1ba4-11e5-b43d-002590263bf5
Discovery 2015-06-09
Entry 2015-06-26

Elastic reports:

Vulnerability Summary: All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that uses Elasticsearch to modify files read and executed by certain other applications.

Remediation Summary: Users should upgrade to 1.6.0. Alternately, ensure that other applications are not present on the system, or that Elasticsearch cannot write into areas where these applications would read.

[source]

References

CVE Name CVE-2015-4165
FreeBSD PR ports/201008
URL https://www.elastic.co/blog/elasticsearch-1-6-0-released
URL https://www.elastic.co/community/security

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.