ctags-5.8-23.el8

エラータID: AXSA:2023-5722:01

Release date: 
Thursday, June 1, 2023 - 03:14
Subject: 
ctags-5.8-23.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Ctags is a C programming language indexing and cross-reference tool.

Security Fix(es):

* ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-4515
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.

Solution: 

Update packages.

CVEs: 
CVE-2022-4515
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.
Additional Info: 

N/A

Download: 

SRPMS
  1. ctags-5.8-23.el8.src.rpm
    MD5: e2be065d2aab24242423182c171c85da
    SHA-256: cb659cfe06de2f1697c378ef919d6bea39dba06e2deb3ef9187ac7a45a9949f8
    Size: 496.76 kB

Asianux Server 8 for x86_64
  1. ctags-5.8-23.el8.x86_64.rpm
    MD5: f0ddaa4175fe4b2c5087febfbb422f50
    SHA-256: 47efb68e891cad2c34259b0c3a52fa0af92942717fded5a013f2b27267cf4166
    Size: 169.09 kB
  2. ctags-etags-5.8-23.el8.x86_64.rpm
    MD5: 7d1f7c9f1332725ed8b4190a49432c52
    SHA-256: 382c3131f644d125bf6ff43c5258e4d00ac360324f9aa34ad618284566ab3c9f
    Size: 20.06 kB