* Salvatore Bonaccorso: > Did you had a chance to get more details on it?
,----[ http://seclists.org/bugtraq/2015/Jun/53 ] | Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered | attack on other applications on the system. The snapshot API may be used | indirectly to place snapshot metadata files into locations that are | writeable by the user running the Elasticsearch process. It is possible | to create a file that another application could read and take action on, | such as code execution. `---- Looking at upstream's commits leading to 1.6.0, this seems like a candidate: ,---- | commit dedbe528d5da95fdb6cccd1d0483aa0ca2c07563 | Author: jaymode <jay.m...@elasticsearch.com> | Date: Fri May 29 11:14:46 2015 -0400 | | Snapshot/Restore: fix check for locations in a repository path | | Currently, when trying to determine if a location is within one of the configured repository | paths, we compare a canonical path against an absolute path. These are not always | equivalent and this check will fail even when the same directory is used. This changes | the logic to to follow that of master, where we use normalized absolute path comparisons. A | test has been added that failed with the old code and now passes with the updated method. `---- Cheers, -Hilko -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
