OESA-2022-1496

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1496
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1496.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1496
Upstream
Published
2022-01-22T11:03:28Z
Modified
2025-08-12T05:06:21.044411Z
Summary
sphinx security update
Details

Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing (e.g. for embedded use) is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx was specially designed to integrate well with SQL databases and scripting languages. Currently, built-in data source drivers support fetching data either via direct connection to MySQL or PostgreSQL, or from a pipe in a custom XML format. Adding new drivers (e.g. native support for other DBMSes) is designed to be as easy as possible. The search API is natively ported to PHP, Python, Perl, Ruby, and Java, and is also available as a pluggable MySQL storage engine. The API is very lightweight, so porting it to a new language is known to take a few hours. As for the name, Sphinx is an acronym which is officially decoded as SQL Phrase Index. Yes, I know about CMU's Sphinx project.

Security Fix(es):

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx. (CVE-2020-29050)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / sphinx

Package

Name
sphinx
Purl
pkg:rpm/openEuler/sphinx&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-2.oe1

Ecosystem specific

{
    "aarch64": [
        "libsphinxclient-devel-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-php-2.2.11-2.oe1.aarch64.rpm",
        "libsphinxclient-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-debuginfo-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-java-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-debugsource-2.2.11-2.oe1.aarch64.rpm"
    ],
    "src": [
        "sphinx-2.2.11-2.oe1.src.rpm"
    ],
    "x86_64": [
        "sphinx-php-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-debugsource-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-java-2.2.11-2.oe1.x86_64.rpm",
        "libsphinxclient-devel-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-debuginfo-2.2.11-2.oe1.x86_64.rpm",
        "libsphinxclient-2.2.11-2.oe1.x86_64.rpm"
    ],
    "noarch": [
        "sphinx-help-2.2.11-2.oe1.noarch.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2022-1496.json"

openEuler:20.03-LTS-SP2 / sphinx

Package

Name
sphinx
Purl
pkg:rpm/openEuler/sphinx&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-2.oe1

Ecosystem specific

{
    "aarch64": [
        "libsphinxclient-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-debugsource-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-java-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-debuginfo-2.2.11-2.oe1.aarch64.rpm",
        "libsphinxclient-devel-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-php-2.2.11-2.oe1.aarch64.rpm"
    ],
    "src": [
        "sphinx-2.2.11-2.oe1.src.rpm"
    ],
    "x86_64": [
        "sphinx-php-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-debuginfo-2.2.11-2.oe1.x86_64.rpm",
        "libsphinxclient-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-java-2.2.11-2.oe1.x86_64.rpm",
        "libsphinxclient-devel-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-debugsource-2.2.11-2.oe1.x86_64.rpm"
    ],
    "noarch": [
        "sphinx-help-2.2.11-2.oe1.noarch.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2022-1496.json"

openEuler:20.03-LTS-SP3 / sphinx

Package

Name
sphinx
Purl
pkg:rpm/openEuler/sphinx&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.2.11-2.oe1

Ecosystem specific

{
    "aarch64": [
        "sphinx-java-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-debugsource-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-debuginfo-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-2.2.11-2.oe1.aarch64.rpm",
        "libsphinxclient-2.2.11-2.oe1.aarch64.rpm",
        "sphinx-php-2.2.11-2.oe1.aarch64.rpm",
        "libsphinxclient-devel-2.2.11-2.oe1.aarch64.rpm"
    ],
    "src": [
        "sphinx-2.2.11-2.oe1.src.rpm"
    ],
    "x86_64": [
        "sphinx-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-debugsource-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-java-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-php-2.2.11-2.oe1.x86_64.rpm",
        "libsphinxclient-2.2.11-2.oe1.x86_64.rpm",
        "sphinx-debuginfo-2.2.11-2.oe1.x86_64.rpm",
        "libsphinxclient-devel-2.2.11-2.oe1.x86_64.rpm"
    ],
    "noarch": [
        "sphinx-help-2.2.11-2.oe1.noarch.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2022-1496.json"