Debian Security Advisory
DSA-3241-1 elasticsearch -- security update
- Date Reported:
- 29 Apr 2015
- Affected Packages:
- elasticsearch
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-3337.
- More information:
-
John Heasman discovered that the site plugin handling of the Elasticsearch search engine was susceptible to directory traversal.
For the stable distribution (jessie), this problem has been fixed in version 1.0.3+dfsg-5+deb8u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your elasticsearch packages.