Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
98
security advisorymoderatesecurity updateRed Hat 8 RHSA-2023-2863-01 Moderate: ctags Command Execution
An update for ctags is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ctags security update Advisory ID: RHSA-2023:2863-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2863 Issue date: 2023-05-16 CVE Names: CVE-2022-4515 ==================================================================== 1. Summary: An update for ctags is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Ctags is a C programming language indexing and cross-reference tool. Security Fix(es): * ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5.Bugs fixed (https://bugzilla.redhat.com/): 2153519 - CVE-2022-4515 ctags: arbitrary command execution via a tag file with a crafted filename 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: ctags-5.8-23.el8.src.rpm aarch64: ctags-5.8-23.el8.aarch64.rpm ctags-debuginfo-5.8-23.el8.aarch64.rpm ctags-debugsource-5.8-23.el8.aarch64.rpm ppc64le: ctags-5.8-23.el8.ppc64le.rpm ctags-debuginfo-5.8-23.el8.ppc64le.rpm ctags-debugsource-5.8-23.el8.ppc64le.rpm s390x: ctags-5.8-23.el8.s390x.rpm ctags-debuginfo-5.8-23.el8.s390x.rpm ctags-debugsource-5.8-23.el8.s390x.rpm x86_64: ctags-5.8-23.el8.x86_64.rpm ctags-debuginfo-5.8-23.el8.x86_64.rpm ctags-debugsource-5.8-23.el8.x86_64.rpm Red Hat Enterprise Linux CRB (v. 8): aarch64: ctags-debuginfo-5.8-23.el8.aarch64.rpm ctags-debugsource-5.8-23.el8.aarch64.rpm ctags-etags-5.8-23.el8.aarch64.rpm ppc64le: ctags-debuginfo-5.8-23.el8.ppc64le.rpm ctags-debugsource-5.8-23.el8.ppc64le.rpm ctags-etags-5.8-23.el8.ppc64le.rpm s390x: ctags-debuginfo-5.8-23.el8.s390x.rpm ctags-debugsource-5.8-23.el8.s390x.rpm ctags-etags-5.8-23.el8.s390x.rpm x86_64: ctags-debuginfo-5.8-23.el8.x86_64.rpm ctags-debugsource-5.8-23.el8.x86_64.rpm ctags-etags-5.8-23.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-4515 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.8_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZGNwy9zjgjWX9erEAQghORAAhPcMdjAEpttsds8ljMdilMDa5xJqrylP iHC79nsZSbc3F3OfPmS8gAXVjlhCKReGjPzbvovn6ORaQJvl8I0KQOg26CBctXaC GcTn25EGPTU9pdMzZ6xgJEnSQxOPbSX4yvBaji+lVWTC82OKgPFRHtaz26ETLzZh ADCzVpQN3SpfczLMhT/gEZ4WvWWbKm8MY/luUVIIUNXz2lj1CHQowGQSawgWEf7C pp284YwGjxwjSkEvKZ8zLYnzWgjHz9Ji52sa1onMcpgIG7MM7V6mVhb7g5UL5Mk9 nPIPrh45RqYhVndChF69+F2fSPyB4anWBvcrKxNHGprW5reQSmqXKI/PxV0Dv6lR c5vU/UOwRxcHWxzGOcHOCqPD0R7l/Tt3VvKhkXkB2CAzjoSmfB2ELom8PjSj9riv NCvxXBgMqPXBmvYwVFrFsYvGaAHkWVYB7K6fU9TyPl/USjBHl7aesq54Ao++KpML MObFechEMnP1KEg3WT9oIf7RCpvDZrNzZ4/c2dCfsSLlACxNSVaMskMvOpJN5LCQ Gm+WijvaAvG2fZV9gPr0WY4bAl5TdYfIAB0keSETxZIsCa5uwu+oS7KJw1TaNAmG qy9J/0SpmxiJYtafATiCbzJLHEKCx0TEtvnuhgXP/yqmh3kals4Q341zvMya+FSx shMaekwTT6Q=8cS/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 16, 2023
Red Hat
100
security advisorysecurity issueupdateSUSE: 2023:292-1 Important: Ctags Command Injection Security Fix
The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:292-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.49 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.49 Severity : important Type : security References : 1206543 CVE-2022-4515 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:225-1 Released: Wed Feb 1 09:37:51 2023 Summary: Security update for ctags Type: security Severity: important References: 1206543,CVE-2022-4515 This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file wih a crafted filename (bsc#1206543). The following package changes have been done: - ctags-5.8-150000.3.3.1 updated . This software patch corrects a remote code execution vulnerability within the Fedora toolbox image, improving system integrity.. SUSE Toolbox Update, Command Injection Fix, Ctags Security Advisory. . Severity: Important. LinuxSecurity.com Team
Feb 08, 2023
•Important
SuSE
100
security advisorysecurityimportantSUSE: 2023:283-1 Critical Update: ctags Security Vulnerability Resolved
The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:282-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.74 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.74 Severity : important Type : security References : 1206543 CVE-2022-4515 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:225-1 Released: Wed Feb 1 09:37:51 2023 Summary: Security update for ctags Type: security Severity: important References: 1206543,CVE-2022-4515 This update for ctags fixes the following issues: - CVE-2022-4515: Fixed a command injection issue via a tag file wih a crafted filename (bsc#1206543). The following package changes have been done: - ctags-5.8-150000.3.3.1 updated . Newly released SUSE Container suse/sle-micro/5.3/toolbox enhances security for logger functionalities with crucial updates. Discover more!. SUSE Container Update, Important Security Updates, ctags Security Fix. . Severity: Important. LinuxSecurity.com Team
Feb 02, 2023
•Important
SuSE
203
security advisorycriticalsoftware updateMageia: 2023-0004 Critical: Ctags Command Execution Exploit
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. (CVE-2022-4515) . MGASA-2023-0003 - Updated ctags packages fix security vulnerability Publication date: 13 Jan 2023 URL: https://advisories.mageia.org/MGASA-2023-0003.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-4515 A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. (CVE-2022-4515) References: - https://bugs.mageia.org/show_bug.cgi?id=31359 - https://lists.debian.org/debian-lts-announce/2022/12/msg00040.html - https://www.cve.org/CVERecord?id=CVE-2022-4515 SRPMS: - 8/core/ctags-5.8-15.1.mga8 . A security bulletin regarding Mageia's ctags package reveals a vulnerability that allows for command execution. Uncover the specifics of the problem and its fix.. Mageia Ctags Command Flaw, Security Advisory Critical, Command Execution Issue. . Severity: Critical. LinuxSecurity.com Team
Jan 13, 2023
•Critical
Mageia
198
security advisorydenial of servicesecurity issueArch Linux ASA-201410-11 Medium: Ctags DoS Risk Identified
The package ctags before version 5.8-5 is vulnerable to denial of service. . Arch Linux Security Advisory ASA-201410-11 ========================================= Severity: Medium Date : 2014-10-24 CVE-ID : CVE-2014-7204 Package : ctags Type : Denial of service Remote : No Link : https://wiki.archlinux.org/title/CVE-2014 Summary ====== The package ctags before version 5.8-5 is vulnerable to denial of service. Resolution ========= Upgrade to 5.8-5. # pacman -Syu "ctags> =5.8-5" The problem has been fixed upstream [0] but no release version is available yet. Workaround ========= None. Description ========== Stefano Zacchiroli discovered a vulnerability in ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service. Impact ===== A local user can run out of disk space resulting in denial of service after running ctags on JavaScript files from an affected or specially prepared public repository. References ========= [0] https://access.redhat.com/security/cve/CVE-2014-7204 https://bugs.archlinux.org/task/42246 https://www.openwall.com/lists/oss-security/2014/09/29/40 . Arch Linux Security Advisory ASA-201410-11 ========================================= Severity: Mediu. package, ctags, version, vulnerable, denial, service, linux, security, advis. . Severity: Medium. LinuxSecurity.com Team
Oct 24, 2014
•Medium
ArchLinux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!