FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

elasticsearch -- remote code execution via transport protocol

Affected packages
elasticsearch < 1.6.1

Details

VuXML ID fb3668df-32d7-11e5-a4a5-002590263bf5
Discovery 2015-07-16
Entry 2015-08-05

Elastic reports:

Vulnerability Summary: Elasticsearch versions prior to 1.6.1 are vulnerable to an attack that can result in remote code execution.

Remediation Summary: Users should upgrade to 1.6.1 or 1.7.0. Alternately, ensure that only trusted applications have access to the transport protocol port.

References

CVE Name CVE-2015-5377
FreeBSD PR ports/201834
URL https://www.elastic.co/community/security