Advisories » MGASA-2020-0087

Updated sphinx packages fix security vulnerability

Publication date: 18 Feb 2020
Modification date: 18 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-14511

Description

Updated sphinx packages fix security vulnerability:

A vulnerability was found in Sphinx Technologies Sphinx 3.1.1 by default has
no authentication and listens on 0.0.0.0, making it exposed to the internet,
unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only
(CVE-2019-14511).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25946
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YSLPW44RWIGHU5AG3P4U2HPSD3UBG4GJ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14511

SRPMS

7/core

• sphinx-2.3.2-0.beta.1.1.mga7