FreeBSD Bugzilla – Attachment 159215 Details for Bug 201834: textproc/elasticsearch: update 1.6.0 -> 1.7.0 (CVE-2015-5377, CVE-2015-5531)
[patch] security/vuxml for elasticsearch < 1.6.1
elastic_vuxml.diff (text/plain), 2.43 KB, created by Jason Unovitch on 2015-07-25 15:10:58 UTC
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 392885) >+++ vuln.xml (working copy) 
>@@ -58,6 +58,67 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="ae8c09cb-32da-11e5-a4a5-002590263bf5"> >+ <topic>elasticsearch -- directory traversal attack via snapshot API</topic> >+ <affects> >+ <package> >+ <name>elasticsearch</name> >+ <range><ge>1.0.0</ge><lt>1.6.1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Elastic reports:</p> >+ <blockquote cite="https://www.elastic.co/community/security"> >+ <p>Vulnerability Summary: Elasticsearch versions from 1.0.0 to 1.6.0 >+ are vulnerable to a directory traversal attack.</p> >+ <p>Remediation Summary: Users should upgrade to 1.6.1 or later, or >+ constrain access to the snapshot API to trusted sources.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2015-5531</cvename> >+ <freebsdpr>ports/201834</freebsdpr> >+ <url>https://www.elastic.co/community/security</url> >+ </references> >+ <dates> >+ <discovery>2015-07-16</discovery> >+ <entry>2015-07-25</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="fb3668df-32d7-11e5-a4a5-002590263bf5"> >+ <topic>elasticsearch -- remote code execution via transport protocol</topic> >+ <affects> >+ <package> >+ <name>elasticsearch</name> >+ <range><lt>1.6.1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Elastic reports:</p> >+ <blockquote cite="https://www.elastic.co/community/security"> >+ <p>Vulnerability Summary: Elasticsearch versions prior to 1.6.1 are >+ vulnerable to an attack that can result in remote code execution.</p> >+ <p>Remediation Summary: Users should upgrade to 1.6.1 or 1.7.0. 
>+ Alternately, ensure that only trusted applications have access to >+ the transport protocol port.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2015-5377</cvename> >+ <freebsdpr>ports/201834</freebsdpr> >+ <url>https://www.elastic.co/community/security</url> >+ </references> >+ <dates> >+ <discovery>2015-07-16</discovery> >+ <entry>2015-07-25</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="9d732078-32c7-11e5-b263-00262d5ed8ee"> > <topic>chromium -- multiple vulnerabilities</topic> > <affects>
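Review bot: in both new entries the `<url>` reference and the blockquote `cite` attribute point at the general https://www.elastic.co/community/security page, so only the `<cvename>` ties each quoted summary to a specific issue; if Elastic publishes a per-advisory link for CVE-2015-5531 and CVE-2015-5377, reference it in each entry so the quoted text stays traceable. The ranges themselves (`<ge>1.0.0</ge><lt>1.6.1</lt>` for the snapshot API entry, `<lt>1.6.1</lt>` for the transport protocol entry) agree with the version statements in the quoted summaries. The first topic names the snapshot API, which the quoted text mentions only in the remediation sentence; that is acceptable for a topic line, but worth confirming against the upstream advisory before commit.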
Attachments on bug 201834: 159169 | 159215 | 159560 | 159561