Summary: | <app-misc/elasticsearch-1.6.0: unspecified arbitrary files modification vulnerability (CVE-2015-4165) |
---|---|
Product: | Gentoo Security |
Reporter: | Ferenc Erki <erkiferenc> |
Component: | Vulnerabilities |
Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED |
Severity: | normal |
CC: | chainsaw |
Priority: | Normal |
Version: | unspecified |
Hardware: | All |
OS: | Linux |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1230761 |
Whiteboard: | ~4 [noglsa cve] |
Package list: | |
Runtime testing required: | --- |
Description

Ferenc Erki 2015-06-11 13:36:43 UTC

Created attachment 404952: elasticsearch-1.6.0.ebuild
Created attachment 404954: elasticsearch.init4
Created attachment 404958: elasticsearch.service3

+*elasticsearch-1.6.0 (11 Jun 2015) + + 11 Jun 2015; Tony Vroon <chainsaw@gentoo.org> -elasticsearch-1.4.4.ebuild, + -elasticsearch-1.5.0.ebuild, +elasticsearch-1.6.0.ebuild, + +files/elasticsearch.init4, +files/elasticsearch.service3, metadata.xml: + Security fix relating to an unspecified arbitrary file modification + vulnerability. Ebuild, init script and systemd service file by Ferenc Erki. + Closes bug #537314 by Austin M. Matherne and bug #547964 by Tomas Mozes. + Adding Ferenc Erki as proxy maintainer. Removing all vulnerable ebuilds for + security bug #551776.

Maintainer(s), Thank you for cleanup.

Closing noglsa - No stable versions

CVE-2015-4165 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4165):
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** TEMPORARY ** All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that uses Elasticsearch to modify files read and executed by certain other applications.
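
Review bot: The ChangeLog entry for elasticsearch-1.6.0 describes the issue only as "an unspecified arbitrary file modification vulnerability" and cites bug numbers, without naming CVE-2015-4165, which the bug summary already carries. Adding the CVE id to the "Security fix relating to ..." sentence would let the removal of elasticsearch-1.4.4.ebuild and elasticsearch-1.5.0.ebuild be traced to the advisory from the tree history alone.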