FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

elasticsearch -- security fix for shared file-system repositories

Affected packages
1.0.0 <= elasticsearch < 1.6.0

Details

VuXML ID 23232028-1ba4-11e5-b43d-002590263bf5
Discovery 2015-06-09
Entry 2015-06-26

Elastic reports:

Vulnerability Summary: All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that uses Elasticsearch to modify files read and executed by certain other applications.

Remediation Summary: Users should upgrade to 1.6.0. Alternately, ensure that other applications are not present on the system, or that Elasticsearch cannot write into areas where these applications would read.

References

CVE Name CVE-2015-4165
FreeBSD PR ports/201008
URL https://www.elastic.co/blog/elasticsearch-1-6-0-released
URL https://www.elastic.co/community/security