Packaging for RHEL/EPEL 6 and 7?
by Dave Johansen
I would like to package Jenkins for RHEL/EPEL 6 and 7. Is there a current
or recent version from Fedora that would be a good starting point? Any
other advice?
Thanks,
Dave
8 years, 9 months
[Bug 1230761] New: CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1230761
Bug ID: 1230761
Summary: CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bkabrda(a)redhat.com, bkearney(a)redhat.com,
bobjensen(a)gmail.com, cbillett(a)redhat.com,
cpelland(a)redhat.com, cperry(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, katello-bugs(a)redhat.com,
kseifried(a)redhat.com, mmccune(a)redhat.com,
ohadlevy(a)redhat.com, pbrobinson(a)gmail.com,
tjay(a)redhat.com, tomckay(a)redhat.com, zbyszek(a)in.waw.pl
All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that
uses Elasticsearch to modify files read and executed by certain other
applications.
Upstream bug/commit unknown at the time of writing.
Mitigation:
===========
Users should upgrade to 1.6.0. Alternately, ensure that other applications are
not present on the system, or that Elasticsearch cannot write into areas where
these applications would read.
External References:
https://www.elastic.co/community/security/
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=H4BjU1KRX1&a=cc_unsubscribe
8 years, 9 months
[Bug 1230765] New: CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1230765
Bug ID: 1230765
Summary: CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability [fedora-all]
Product: Fedora
Version: 22
Component: elasticsearch
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: jvanek(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bkabrda(a)redhat.com, bobjensen(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, pbrobinson(a)gmail.com,
zbyszek(a)in.waw.pl
Blocks: 1230761 (CVE-2015-4165)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1230761
[Bug 1230761] CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability
8 years, 9 months
[Bug 1244238] New: CVE-2015-5531 elasticsearch: directory traversal attack
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1244238
Bug ID: 1244238
Summary: CVE-2015-5531 elasticsearch: directory traversal attack
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bkabrda(a)redhat.com, bkearney(a)redhat.com,
bobjensen(a)gmail.com, cbillett(a)redhat.com,
cpelland(a)redhat.com, cperry(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, katello-bugs(a)redhat.com,
kseifried(a)redhat.com, mmccune(a)redhat.com,
ohadlevy(a)redhat.com, pbrobinson(a)gmail.com,
tjay(a)redhat.com, tomckay(a)redhat.com, zbyszek(a)in.waw.pl
It was reported that Elasticsearch versions from 1.0.0 to 1.6.0 are vulnerable
to a directory traversal attack.
Mitigation:
Constrain access to the snapshot API to trusted sources.
Statement:
This issue did not affect versions of elasticsearch as shipped with Red Hat
Satellite 6 and Subscription Asset Manager 1.
8 years, 9 months
[Bug 1244236] New: CVE-2015-5377 elasticsearch: unspecified remote code execution vulnerability
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1244236
Bug ID: 1244236
Summary: CVE-2015-5377 elasticsearch: unspecified remote code execution vulnerability
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bkabrda(a)redhat.com, bkearney(a)redhat.com,
bobjensen(a)gmail.com, cbillett(a)redhat.com,
cpelland(a)redhat.com, cperry(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, katello-bugs(a)redhat.com,
kseifried(a)redhat.com, mmccune(a)redhat.com,
ohadlevy(a)redhat.com, pbrobinson(a)gmail.com,
tjay(a)redhat.com, tomckay(a)redhat.com, zbyszek(a)in.waw.pl
It was reported that Elasticsearch versions prior to 1.6.1 are vulnerable to an
unspecified attack, leading to remote code execution.
Upstream fix is not known at the time of writing.
8 years, 9 months