Описание
Security update for sphinx
This update for sphinx fixes the following issues:
- CVE-2020-29050: SphinxSearch in Sphinx Technologies Sphinx allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). (boo#1195227)
- update to 2.0.6 release
Список пакетов
openSUSE Leap 15.3
libsphinxclient-0_0_1-2.2.11-lp153.2.3.1
libsphinxclient-devel-2.2.11-lp153.2.3.1
sphinx-2.2.11-lp153.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2022:0054-1
- SUSE Security Ratings
- SUSE Bug 1157590
- SUSE Bug 1195227
- SUSE CVE CVE-2020-29050 page
Описание
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
Затронутые продукты
openSUSE Leap 15.3:libsphinxclient-0_0_1-2.2.11-lp153.2.3.1
openSUSE Leap 15.3:libsphinxclient-devel-2.2.11-lp153.2.3.1
openSUSE Leap 15.3:sphinx-2.2.11-lp153.2.3.1
Ссылки
- CVE-2020-29050
- SUSE Bug 1195227