Attachment 159290 Details for Bug 201893 – security/vuxml for CVE-2015-5378 in logstash < 1.5.3

[patch] security/vuxml for CVE-2015-5378 in logstash < 1.5.3

logstash_vuxml.diff (text/plain), 1.55 KB, created by Jason Unovitch on 2015-07-27 01:39:52 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jason Unovitch

Created: 2015-07-27 01:39:52 UTC

Size: 1.55 KB

patch

obsolete

>Index: vuln.xml
>===================================================================
>--- vuln.xml	(revision 392952)
>+++ vuln.xml	(working copy)
>@@ -58,6 +58,39 @@
> 
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="c470bcc7-33fe-11e5-a4a5-002590263bf5">
>+ <topic>logstash -- SSL/TLS vulnerability with Lumberjack input</topic>
>+ <affects>
>+ <package>
>+	<name>logstash</name>
>+	<range><lt>1.4.4</lt></range>
>+	<range><ge>1.5.0</ge><lt>1.5.3</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+	Elastic reports:
>+	<blockquote cite="https://www.elastic.co/community/security">
>+	 Vulnerability Summary: All Logstash versions prior to 1.5.2 that
>+	 use Lumberjack input (in combination with Logstash Forwarder agent)
>+	 are vulnerable to a SSL/TLS security issue called the FREAK attack.
>+	 This allows an attacker to intercept communication and access secure
>+	 data. Users should upgrade to 1.5.3 or 1.4.4.
>+	 Remediation Summary: Users that do not want to upgrade can address
>+	 the vulnerability by disabling the Lumberjack input.
>+	</blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <cvename>CVE-2015-5378</cvename>
>+ <url>https://www.elastic.co/community/security</url>
>+ </references>
>+ <dates>
>+ <discovery>2015-07-22</discovery>
>+ <entry>2015-07-27</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="9d732078-32c7-11e5-b263-00262d5ed8ee">
> <topic>chromium -- multiple vulnerabilities</topic>
> <affects>

Flags:

junovitch: maintainer-approval? (ports-secteam)

Actions: View | Diff

Attachments on bug 201893: 159247 | 159248 | 159290