openSUSE-SU-2022:0046-1

Опубликовано: 20 фев. 2022

Источник: suse-cvrf

Описание

Security update for sphinx

sphinx was updated to fix the following issues:

CVE-2020-29050: SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). (boo#1195227)

Список пакетов

openSUSE Leap 15.4

libsphinxclient-0_0_1-2.2.11-lp154.3.3.1

libsphinxclient-devel-2.2.11-lp154.3.3.1

sphinx-2.2.11-lp154.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BGIIYJ6U7AIFKGIYHMGJHVDPJF5AWYOA/
E-Mail link for openSUSE-SU-2022:0046-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1195227
SUSE Bug 1195227
https://www.suse.com/security/cve/CVE-2020-29050/
SUSE CVE CVE-2020-29050 page

Описание

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.

Затронутые продукты

openSUSE Leap 15.4:libsphinxclient-0_0_1-2.2.11-lp154.3.3.1

openSUSE Leap 15.4:libsphinxclient-devel-2.2.11-lp154.3.3.1

openSUSE Leap 15.4:sphinx-2.2.11-lp154.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-29050.html
CVE-2020-29050
https://bugzilla.suse.com/1195227
SUSE Bug 1195227

openSUSE-SU-2022:0046-1

Описание

Список пакетов

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2020-29050

Описание

Затронутые продукты

Ссылки