Lucene search

K
suseSuseOPENSUSE-SU-2022:0046-1
HistoryFeb 21, 2022 - 12:00 a.m.

Security update for sphinx (moderate)

2022-02-2100:00:00
lists.opensuse.org
9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

An update that fixes one vulnerability is now available.

Description:

sphinx was updated to fix the following issues:

  • CVE-2020-29050: SphinxSearch in Sphinx Technologies Sphinx through 3.1.1
    allows directory traversal (in conjunction with CVE-2019-14511) because
    the mysql client can be used for CALL SNIPPETS and load_file operations
    on a full pathname (e.g., a file in the /etc directory). (boo#1195227)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-2022-46=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.4aarch64< - openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.4i586< - openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):.i586.rpm
openSUSE Leap15.4ppc64le< - openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.4s390x< - openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.4x86_64< - openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):.x86_64.rpm

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

Related for OPENSUSE-SU-2022:0046-1