Date: Wed, 10 Jun 2015 11:33:32 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 200759] sysutils/logstash: Security vulnerability CVE-2015-4152 Message-ID: <bug-200759-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200759 Bug ID: 200759 Summary: sysutils/logstash: Security vulnerability CVE-2015-4152 Product: Ports & Packages Version: Latest Hardware: Any URL: http://www.securityfocus.com/archive/1/535725/30/0/thr eaded OS: Any Status: New Keywords: needs-patch, security Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: koobs@FreeBSD.org CC: enrico.m.crisostomo@gmail.com, ports-secteam@FreeBSD.org Flags: maintainer-feedback?(enrico.m.crisostomo@gmail.com) CC: enrico.m.crisostomo@gmail.com Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to over-write files on the server running Logstash. This vulnerability is not present in the initial installation of Logstash. The vulnerability is exposed when the file output plugin is configured for use. The files impacted must be writeable by the user that owns the Logstash process. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-200759-13>