Bug 1195227 - (CVE-2020-29050) VUL-0: CVE-2020-29050: sphinx: sphinxsearch -- security update
(CVE-2020-29050)
VUL-0: CVE-2020-29050: sphinx: sphinxsearch -- security update
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Bruno Friedmann
Security Team bot
https://smash.suse.de/issue/319739/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-01-27 16:10 UTC by Marcus Meissner
Modified: 2022-03-01 20:17 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2022-01-27 16:10:20 UTC
CVE-2020-29050

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory
traversal (in conjunction with CVE-2019-14511) because the mysql client can be
used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file
in the /etc directory). NOTE: this is unrelated to CMUSphinx.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29050
http://www.debian.org/security/-1/dsa-5036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29050
http://www.cvedetails.com/cve/CVE-2020-29050/
https://security-tracker.debian.org/tracker/CVE-2020-29050
https://blog.wirhabenstil.de/2019/08/19/sphinxsearch-0-0-0-09306-cve-2019-14511/
Comment 2 Bruno Friedmann 2022-01-30 17:31:11 UTC
Fixes in Factory https://build.opensuse.org/request/show/949725
Maintenance sent for openSUSE:Leap:15.3:Update
https://build.opensuse.org/request/show/950028
For openSUSE:Leap:15.4:Update
https://build.opensuse.org/request/show/950029
Comment 3 Swamp Workflow Management 2022-02-21 08:20:10 UTC
openSUSE-SU-2022:0046-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1195227
CVE References: CVE-2020-29050
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    sphinx-2.2.11-lp154.3.3.1
Comment 4 Swamp Workflow Management 2022-03-01 20:17:59 UTC
openSUSE-SU-2022:0054-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 1157590,1195227
CVE References: CVE-2020-29050
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    sphinx-2.2.11-lp153.2.3.1