Mageia 2023-0003: ctags security update | LinuxSecurity.com
MGASA-2023-0003 - Updated ctags packages fix security vulnerability

Publication date: 13 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0003.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-4515

A flaw was found in Exuberant Ctags in the way it handles the "-o" option.
This option specifies the tag filename. A crafted tag filename specified
in the command line or in the configuration file results in arbitrary
command execution because the externalSortTags() in sort.c calls the
system(3) function in an unsafe way. (CVE-2022-4515)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31359
- https://www.debian.org/lts/security/2022/dla-3254
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4515

SRPMS:
- 8/core/ctags-5.8-15.1.mga8

Mageia 2023-0003: ctags security update

A flaw was found in Exuberant Ctags in the way it handles the "-o" option

Summary

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. (CVE-2022-4515)

References

- https://bugs.mageia.org/show_bug.cgi?id=31359

- https://www.debian.org/lts/security/2022/dla-3254

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4515

Resolution

MGASA-2023-0003 - Updated ctags packages fix security vulnerability

SRPMS

- 8/core/ctags-5.8-15.1.mga8

Severity
Publication date: 13 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0003.html
Type: security
CVE: CVE-2022-4515

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.