https://bugzilla.redhat.com/show_bug.cgi?id=1230761
Bug ID: 1230761
Summary: CVE-2015-4165 elasticsearch: unspecified arbitrary files modification vulnerability
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bkabrda(a)redhat.com, bkearney(a)redhat.com,
bobjensen(a)gmail.com, cbillett(a)redhat.com,
cpelland(a)redhat.com, cperry(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, katello-bugs(a)redhat.com,
kseifried(a)redhat.com, mmccune(a)redhat.com,
ohadlevy(a)redhat.com, pbrobinson(a)gmail.com,
tjay(a)redhat.com, tomckay(a)redhat.com, zbyszek(a)in.waw.pl
All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that
uses Elasticsearch to modify files read and executed by certain other
applications.
Upstream bug/commit unknown at the time of writing.
Mitigation:
===========
Users should upgrade to 1.6.0. Alternately, ensure that other applications are
not present on the system, or that Elasticsearch cannot write into areas where
these applications would read.
External References:
https://www.elastic.co/community/security/