Ubuntu 5820-1: exuberant-ctags vulnerability | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-5820-1
January 24, 2023

exuberant-ctags vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM

Summary:

Exuberant ctags could be make to perform arbitary command execution if run
with maliciously crafted user input

Software Description:
- exuberant-ctags: build tag file indexes of source code definitions

Details:

Lorenz Hipp discovered a flaw in exuberant-ctags handling of the tag 
filename command-line argument. A crafted tag filename specified in the 
command line or in the configuration file could result in arbitrary 
command execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
exuberant-ctags 1:5.9~svn20110310-16ubuntu0.22.10.1

Ubuntu 22.04 LTS:
exuberant-ctags 1:5.9~svn20110310-16ubuntu0.22.04.1

Ubuntu 20.04 LTS:
exuberant-ctags 1:5.9~svn20110310-12ubuntu0.1

Ubuntu 18.04 LTS:
exuberant-ctags 1:5.9~svn20110310-11ubuntu0.1

Ubuntu 16.04 ESM:
exuberant-ctags 1:5.9~svn20110310-11ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5820-1
CVE-2022-4515

Package Information:
https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-16ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-16ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-12ubuntu0.1
https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-11ubuntu0.1

Ubuntu 5820-1: exuberant-ctags vulnerability

January 24, 2023
Exuberant ctags could be make to perform arbitary command execution if run with maliciously crafted user input

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM Summary: Exuberant ctags could be make to perform arbitary command execution if run with maliciously crafted user input Software Description: - exuberant-ctags: build tag file indexes of source code definitions Details: Lorenz Hipp discovered a flaw in exuberant-ctags handling of the tag filename command-line argument. A crafted tag filename specified in the command line or in the configuration file could result in arbitrary command execution.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: exuberant-ctags 1:5.9~svn20110310-16ubuntu0.22.10.1 Ubuntu 22.04 LTS: exuberant-ctags 1:5.9~svn20110310-16ubuntu0.22.04.1 Ubuntu 20.04 LTS: exuberant-ctags 1:5.9~svn20110310-12ubuntu0.1 Ubuntu 18.04 LTS: exuberant-ctags 1:5.9~svn20110310-11ubuntu0.1 Ubuntu 16.04 ESM: exuberant-ctags 1:5.9~svn20110310-11ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5820-1

CVE-2022-4515

Severity
Ubuntu Security Notice USN-5820-1

Package Information

https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-16ubuntu0.22.10.1 https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-16ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-12ubuntu0.1 https://launchpad.net/ubuntu/+source/exuberant-ctags/1:5.9~svn20110310-11ubuntu0.1