FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

logstash-forwarder and logstash -- susceptibility to POODLE vulnerability

Affected packages
logstash-forwarder < 0.4.0.20150507
logstash < 1.4.3

Details

VuXML ID ad4d3871-1a0d-11e5-b43d-002590263bf5
Discovery 2015-06-09
Entry 2015-06-24
Modified 2015-06-24

Elastic reports:

The combination of Logstash Forwarder and Lumberjack input (and output) was vulnerable to the POODLE attack in SSLv3 protocol. We have disabled SSLv3 for this combination and set the minimum version to be TLSv1.0. We have added this vulnerability to our CVE page and are working on filling out the CVE.

Thanks to Tray Torrance, Marc Chadwick, and David Arena for reporting this.

SSLv3 is no longer supported; TLS 1.0+ is required (compatible with Logstash 1.4.2+).
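To confirm that an upgraded Lumberjack endpoint enforces the TLSv1.0 minimum, inspect the first TLS record it returns and read the protocol version it selected. The following is an added example, not code from FreeBSD or Elastic; the function names are hypothetical and the sample records are constructed, not captured.

```python
import struct

SSL3 = 0x0300
TLS10 = 0x0301  # minimum version the advisory says the fixed releases enforce
NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def negotiated_version(reply: bytes):
    """Return the version selected in a ServerHello, or None if the record is an alert."""
    if len(reply) < 5:
        raise ValueError("truncated record header")
    ctype, _record_version, length = struct.unpack("!BHH", reply[:5])
    body = reply[5:5 + length]
    if len(body) < length:
        raise ValueError("truncated record body")
    if ctype == 0x15:  # alert record: the server refused the handshake
        return None
    # Handshake record (0x16) whose first message is a ServerHello (0x02):
    # 1 byte type, 3 bytes length, then the 2-byte server_version.
    if ctype != 0x16 or len(body) < 6 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    return struct.unpack("!H", body[4:6])[0]

def classify(reply: bytes) -> str:
    version = negotiated_version(reply)
    if version is None:
        return "refused"
    name = NAMES.get(version, hex(version))
    if version < TLS10:
        return "vulnerable: negotiated " + name
    return "ok: negotiated " + name

def _server_hello(version: int) -> bytes:
    """Build a minimal ServerHello record (constructed sample data)."""
    # version, 32-byte random, empty session id, one cipher suite, null compression
    hs_body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x35" + b"\x00"
    handshake = b"\x02" + len(hs_body).to_bytes(3, "big") + hs_body
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake

# Constructed samples: an unpatched reply, a patched reply, and a fatal
# handshake_failure alert (level 2, description 40).
SAMPLE_SSL3 = _server_hello(SSL3)
SAMPLE_TLS10 = _server_hello(TLS10)
SAMPLE_ALERT = struct.pack("!BHH", 0x15, SSL3, 2) + b"\x02\x28"

if __name__ == "__main__":
    for label, raw in (("ssl3", SAMPLE_SSL3), ("tls10", SAMPLE_TLS10), ("alert", SAMPLE_ALERT)):
        print(label, "->", classify(raw))
```
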

References

FreeBSD PR ports/201065
URL https://www.elastic.co/blog/logstash-1-4-3-released
URL https://www.elastic.co/blog/logstash-forwarder-0-4-0-released