Alerts This Week
Warning Icon 1 1,071
Alerts This Week
Warning Icon 1 1,071

Mageia 8: MGASA-2022-0110 Moderate: Sphinx File Access Issue

mageia
Calendar Grey March 23, 2022
Dist Mageia Esm H88
Recent updates to sphinx libraries rectify a setup vulnerability that permits uncontrolled file access, commencing on March 23, 2022.
It was found that sphinx could allow arbitrary files to be read by abusing a configuration option

Summary

It was found that sphinx could allow arbitrary files to be read by abusing a configuration option. (CVE-2020-29050)

References

- https://bugs.mageia.org/show_bug.cgi?id=30076

- https://lists.debian.org/debian-security-announce/2022/msg00002.html

-

- https://salsa.debian.org/debian/sphinxsearch/-/blob/4d6fe40644130308604845db43d3588e715ec85d/debian/patches/06-CVE-2020-29050.patch

- https://www.cve.org/CVERecord?id=CVE-2020-29050

Topics%20covered

Topics Covered

security advisory moderate severity file access configuration issue mageia sphinx

Resolution

SRPMS

- 8/core/sphinx-2.3.2-0.beta.3.1.mga8

Publication date: 23 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0110.html
Type: security
CVE: CVE-2020-29050

Topics%20covered

Topics Covered

security advisory moderate severity file access configuration issue mageia sphinx

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here