http://bugzilla.suse.com/show_bug.cgi?id=934507

Bug ID: 934507
Summary: VUL-0: CVE-2015-4165: elasticsearch: unspecified arbitrary files modification vulnerability
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: Other
URL: https://smash.suse.de/issue/117585/
OS: openSUSE 13.2
Status: NEW
Severity: Major
Priority: P5 - None
Component: 3rd party software
Assignee: heinemannj66@gmail.com
Reporter: astieger@suse.com
QA Contact: opensuse-communityscreening@forge.provo.novell.com
CC: security-team@suse.de
Found By: Security Response Team
Blocker: ---

Courtesy bug for elasticsearch, as found in devel:languages:python and /security:logging:elma:devel. Not in any openSUSE distribution.

All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that uses Elasticsearch to modify files read and executed by certain other applications.

Upstream bug/commit unknown at the time of writing.

Mitigation:
===========

Users should upgrade to 1.6.0. Alternately, ensure that other applications are not present on the system, or that Elasticsearch cannot write into areas where these applications would read.

External References:
https://www.elastic.co/community/security/

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1230761
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4165