[Secure-testing-team] Bug#792617: elasticsearch: CVE-2015-5377 CVE-2015-5531

Salvatore Bonaccorso carnil at debian.org
Thu Jul 16 19:59:41 UTC 2015


Source: elasticsearch
Version: 1.0.3+dfsg-5
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole

Hi,

the following vulnerabilities were published for elasticsearch.
Reporting them right now as severity grave since some details are
missed so feel free to downgrade.

CVE-2015-5377[0]:
Remote code execution vulnerability

CVE-2015-5531[1]:
Directory traversal vulnerability

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-5377
[1] https://security-tracker.debian.org/tracker/CVE-2015-5531
[2] https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security

Regards,
Salvatore



More information about the Secure-testing-team mailing list