Advisories » MGASA-2023-0003

Updated ctags packages fix security vulnerability

Publication date: 13 Jan 2023
Modification date: 13 Jan 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-4515

Description

A flaw was found in Exuberant Ctags in the way it handles the "-o" option.
This option specifies the tag filename. A crafted tag filename specified
in the command line or in the configuration file results in arbitrary
command execution because the externalSortTags() in sort.c calls the
system(3) function in an unsafe way. (CVE-2022-4515)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31359
• https://www.debian.org/lts/security/2022/dla-3254
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4515

SRPMS

8/core

• ctags-5.8-15.1.mga8