MGASA-2022-0110 - Updated sphinx packages fix security vulnerability

Publication date: 23 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0110.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2020-29050

It was found that sphinx could allow arbitrary files to be read by abusing a configuration option. (CVE-2020-29050)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30076
- https://lists.debian.org/debian-security-announce/2022/msg00002.html
- https://salsa.debian.org/debian/sphinxsearch/-/blob/4d6fe40644130308604845db43d3588e715ec85d/debian/patches/06-CVE-2020-29050.patch
- https://www.cve.org/CVERecord?id=CVE-2020-29050

SRPMS:
- 8/core/sphinx-2.3.2-0.beta.3.1.mga8

LinuxSecurity.com Team
openSUSE Security Update: Security update for sphinx
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:0054-1
Rating: moderate
References: #1157590 #1195227
Cross-References: CVE-2020-29050
CVSS scores:
  CVE-2020-29050 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products: openSUSE Leap 15.3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for sphinx fixes the following issues:

- CVE-2020-29050: SphinxSearch in Sphinx Technologies Sphinx allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). (boo#1195227)
- update to 2.0.6 release

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-2022-54=1

Package List:

- openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64):
  libsphinxclient-0_0_1-2.2.11-lp153.2.3.1
  libsphinxclient-devel-2.2.11-lp153.2.3.1
  sphinx-2.2.11-lp153.2.3.1
  sphinx-debuginfo-2.2.11-lp153.2.3.1
  sphinx-debugsource-2.2.11-lp153.2.3.1

References:

https://www.suse.com/security/cve/CVE-2020-29050.html
https://bugzilla.suse.com/1157590
https://bugzilla.suse.com/1195227
openSUSE Security Update: Security update for sphinx
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:0046-1
Rating: moderate
References: #1195227
Cross-References: CVE-2020-29050
CVSS scores:
  CVE-2020-29050 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products: openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

sphinx was updated to fix the following issues:

- CVE-2020-29050: SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). (boo#1195227)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-2022-46=1

Package List:

- openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64):
  libsphinxclient-0_0_1-2.2.11-lp154.3.3.1
  libsphinxclient-devel-2.2.11-lp154.3.3.1
  sphinx-2.2.11-lp154.3.3.1
  sphinx-debuginfo-2.2.11-lp154.3.3.1
  sphinx-debugsource-2.2.11-lp154.3.3.1

References:

https://www.suse.com/security/cve/CVE-2020-29050.html
https://bugzilla.suse.com/1195227
MGASA-2020-0087 - Updated sphinx packages fix security vulnerability

Publication date: 18 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0087.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-14511

Updated sphinx packages fix security vulnerability:

A vulnerability was found in Sphinx Technologies Sphinx 3.1.1: by default it has no authentication and listens on 0.0.0.0, making it exposed to the internet, unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only (CVE-2019-14511).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25946
- https://lists.fedoraproject.org/archives/list/
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1f604fd2f2
2019-09-30 00:00:36.231210
--------------------------------------------------------------------------------

Name        : sphinx
Product     : Fedora 31
Version     : 2.2.11
Release     : 13.fc31
URL         : http://sphinxsearch.com
Summary     : Free open-source SQL full-text search engine
Description :
Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing (e.g. for embedded use) is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx was specially designed to integrate well with SQL databases and scripting languages. Currently built-in data source drivers support fetching data either via direct connection to MySQL, or PostgreSQL, or from a pipe in a custom XML format. Adding new drivers (e.g. native support for other DBMSes) is designed to be as easy as possible. The search API is natively ported to PHP, Python, Perl, Ruby, Java, and is also available as a pluggable MySQL storage engine. The API is very lightweight, so porting it to a new language is known to take a few hours. As for the name, Sphinx is an acronym which is officially decoded as SQL Phrase Index. Yes, I know about CMU's Sphinx project.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2019-14511
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1749188 - CVE-2019-14511 sphinx: no authentication and listens on 0.0.0.0 leads to information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1749188
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1f604fd2f2' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-bdadf4c6f5
2019-09-14 01:53:52.304211
--------------------------------------------------------------------------------

Name        : sphinx
Product     : Fedora 29
Version     : 2.2.11
Release     : 12.fc29
URL         : http://sphinxsearch.com
Summary     : Free open-source SQL full-text search engine
Description :
Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing (e.g. for embedded use) is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx was specially designed to integrate well with SQL databases and scripting languages. Currently built-in data source drivers support fetching data either via direct connection to MySQL, or PostgreSQL, or from a pipe in a custom XML format. Adding new drivers (e.g. native support for other DBMSes) is designed to be as easy as possible. The search API is natively ported to PHP, Python, Perl, Ruby, Java, and is also available as a pluggable MySQL storage engine. The API is very lightweight, so porting it to a new language is known to take a few hours. As for the name, Sphinx is an acronym which is officially decoded as SQL Phrase Index. Yes, I know about CMU's Sphinx project.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2019-14511
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 5 2019 Ben Cotton - 2.2.11-12
- Listen only on localhost (CVE-2019-14511, rhbz#1749190)
* Thu Feb 14 2019 Orion Poplawski - 2.2.11-11
- Revert incorrect use of _tmpfiledir rhbx#1551735
* Sun Feb 3 2019 Fedora Release Engineering - 2.2.11-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1749188 - CVE-2019-14511 sphinx: no authentication and listens on 0.0.0.0 leads to information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1749188
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-bdadf4c6f5' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-9231a18768
2019-09-14 01:11:50.073054
--------------------------------------------------------------------------------

Name        : sphinx
Product     : Fedora 30
Version     : 2.2.11
Release     : 12.fc30
URL         : http://sphinxsearch.com
Summary     : Free open-source SQL full-text search engine
Description :
Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing (e.g. for embedded use) is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx was specially designed to integrate well with SQL databases and scripting languages. Currently built-in data source drivers support fetching data either via direct connection to MySQL, or PostgreSQL, or from a pipe in a custom XML format. Adding new drivers (e.g. native support for other DBMSes) is designed to be as easy as possible. The search API is natively ported to PHP, Python, Perl, Ruby, Java, and is also available as a pluggable MySQL storage engine. The API is very lightweight, so porting it to a new language is known to take a few hours. As for the name, Sphinx is an acronym which is officially decoded as SQL Phrase Index. Yes, I know about CMU's Sphinx project.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2019-14511
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 5 2019 Ben Cotton - 2.2.11-12
- Listen only on localhost (CVE-2019-14511, rhbz#1749190)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1749188 - CVE-2019-14511 sphinx: no authentication and listens on 0.0.0.0 leads to information disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1749188
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-9231a18768' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
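The Fedora changelog entries fix CVE-2019-14511 by making searchd listen only on localhost. As an added example (not code from any of these advisories, from Fedora, or from the Sphinx project), the following Python audit parses the `searchd` block of a sphinx.conf, flags `listen` directives bound to every interface, and rewrites them to loopback; the sample configuration is constructed here, and the `listen` syntax it relies on is Sphinx's documented `[host:]port[:protocol]` or unix socket path form.

```python
import re

# Constructed sample sphinx.conf (not from the advisories). Sphinx `listen`
# syntax is [host:]port[:protocol] or a unix socket path; omitting the host
# binds every interface, which is the exposure behind CVE-2019-14511.
SAMPLE_CONF = """
searchd
{
    listen = 9312                   # no host given: all interfaces
    listen = 0.0.0.0:9306:mysql41   # explicit wildcard, SphinxQL port
    listen = 127.0.0.1:9313         # loopback only
    listen = /var/run/searchd.sock  # unix socket
    log = /var/log/sphinx/searchd.log
}
"""
WILDCARD_HOSTS = {"", "0.0.0.0", "::"}

def parse_listen(conf: str) -> list:
    """Return the value of every `listen` directive inside the searchd block."""
    block = re.search(r"searchd\s*\{(.*?)\}", conf, re.S)
    values = []
    for raw in block.group(1).splitlines() if block else []:
        key, _, value = raw.split("#", 1)[0].partition("=")  # strip comments
        if key.strip() == "listen":
            values.append(value.strip())
    return values

def listen_host(value: str) -> str:
    """Bind host of a listen value: '' for no host (wildcard), 'unix' for a socket."""
    if value.startswith("/"):
        return "unix"
    if value.startswith("["):                      # [::]:9312 style IPv6
        return value[1:value.index("]")]
    head = value.split(":", 1)[0]
    return "" if head.isdigit() else head

def exposed_listeners(conf: str) -> list:
    """Listen directives reachable from any interface (searchd has no auth)."""
    return [v for v in parse_listen(conf) if listen_host(v) in WILDCARD_HOSTS]

def harden(value: str) -> str:
    """Rewrite a wildcard-bound listen value to loopback, keeping port/protocol."""
    host = listen_host(value)
    if host not in WILDCARD_HOSTS:
        return value
    if value.startswith("["):
        value = value[value.index("]") + 2:]       # drop "[::]:"
    elif host:
        value = value.split(":", 1)[1]             # drop "0.0.0.0:"
    return "127.0.0.1:" + value
```

Running `exposed_listeners(SAMPLE_CONF)` reports the first two directives; `harden` turns them into `127.0.0.1:9312` and `127.0.0.1:9306:mysql41`, the localhost-only form the Fedora update applies.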