Bugzilla – Bug 934507
CVE-2015-4165: elasticsearch: unspecified arbitrary files modification vulnerability
Last modified: 2017-11-28 12:43:54 UTC
Courtesy bug for elasticsearch, as found in devel:languages:python and /security:logging:elma:devel. Not in any openSUSE distribution.

All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that uses Elasticsearch to modify files read and executed by certain other applications.

Upstream bug/commit unknown at the time of writing.

Mitigation:
===========
Users should upgrade to 1.6.0. Alternately, ensure that other applications are not present on the system, or that Elasticsearch cannot write into areas where these applications would read.

External References:
https://www.elastic.co/community/security/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1230761
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4165
bugbot adjusting priority
Hello Maintainer, are you keeping this package up to date?
security:logging/elasticsearch is current. security:logging/elma looks abandoned