elasticsearch -- security fix for shared file-system repositories

ID 23232028-1BA4-11E5-B43D-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2015-06-09T00:00:00


Elastic reports:

Vulnerability Summary: All Elasticsearch versions from 1.0.0 to 1.5.2 are vulnerable to an attack that uses Elasticsearch to modify files read and executed by certain other applications. Remediation Summary: Users should upgrade to 1.6.0. Alternately, ensure that other applications are not present on the system, or that Elasticsearch cannot write into areas where these applications would read.