<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for sphinx is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2022-1496</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2022-01-22</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2022-01-22</InitialReleaseDate>
<CurrentReleaseDate>2022-01-22</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2022-01-22</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">sphinx security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for sphinx is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing (e.g. for embedded use) is also available upon request. Generally, it&apos;s a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx was specially designed to integrate well with SQL databases and scripting languages. Currently built-in data source drivers support fetching data either via direct connection to MySQL, or PostgreSQL, or from a pipe in a custom XML format. Adding new drivers (e.g. native support for other DBMSes) is designed to be as easy as possible. The search API is natively ported to PHP, Python, Perl, Ruby and Java, and is also available as a pluggable MySQL storage engine. The API is very lightweight, so porting it to a new language is known to take a few hours. As for the name, Sphinx is an acronym which is officially decoded as SQL Phrase Index. Yes, I know about CMU&apos;s Sphinx project.
Security Fix(es):
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.(CVE-2020-29050) The affected range ("through 3.1.1") includes the 2.2.11 series shipped by openEuler; the fixed build is sphinx-2.2.11-2 (see the Product Tree). "The mysql client" here refers to the searchd SphinxQL interface, which speaks the MySQL protocol, so an attacker must be able to reach that listener; CVE-2019-14511 concerns that listener being exposed without authentication. Until the update is installed, not exposing the SphinxQL port beyond trusted hosts reduces exposure.</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for sphinx is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of High. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The fixed packages are release 2.2.11-2 (listed in the Product Tree); after updating, confirm the installed version with `rpm -q sphinx` and restart searchd so the patched binary is in use.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">sphinx</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1496</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-29050</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-29050</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">openEuler-20.03-LTS-SP2</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="libsphinxclient-devel-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libsphinxclient-devel-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-php-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-php-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libsphinxclient-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debuginfo-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-debuginfo-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-java-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-java-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debugsource-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-debugsource-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libsphinxclient-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debugsource-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-debugsource-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-java-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-java-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debuginfo-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-debuginfo-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-devel-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libsphinxclient-devel-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-php-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-php-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-java-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-java-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debugsource-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-debugsource-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debuginfo-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-debuginfo-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libsphinxclient-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sphinx-php-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-php-2.2.11-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-devel-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libsphinxclient-devel-2.2.11-2.oe1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="sphinx-help-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-help-2.2.11-2.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="sphinx-help-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-help-2.2.11-2.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="sphinx-help-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-help-2.2.11-2.oe1.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="sphinx-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-2.2.11-2.oe1.src.rpm</FullProductName>
<FullProductName ProductID="sphinx-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-2.2.11-2.oe1.src.rpm</FullProductName>
<FullProductName ProductID="sphinx-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-2.2.11-2.oe1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="sphinx-php-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-php-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debugsource-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-debugsource-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-java-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-java-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-devel-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libsphinxclient-devel-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debuginfo-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sphinx-debuginfo-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libsphinxclient-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-php-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-php-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debuginfo-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-debuginfo-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libsphinxclient-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-java-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-java-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-devel-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">libsphinxclient-devel-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debugsource-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP2">sphinx-debugsource-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debugsource-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-debugsource-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-java-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-java-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-php-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-php-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libsphinxclient-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sphinx-debuginfo-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sphinx-debuginfo-2.2.11-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libsphinxclient-devel-2.2.11-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">libsphinxclient-devel-2.2.11-2.oe1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx. The attack path is the searchd SphinxQL (MySQL-protocol) listener: a client that can connect to it can make searchd read arbitrary files the searchd process can open, which is why the CVSS vector below scores confidentiality High and integrity/availability None. Restricting who can reach that listener limits exposure until the 2.2.11-2 packages are installed.</Note>
</Notes>
<ReleaseDate>2022-01-22</ReleaseDate>
<CVE>CVE-2020-29050</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP2</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.5</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>sphinx security update</Description>
<DATE>2022-01-22</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1496</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>