Description
Security update for ctags
This update for ctags fixes the following issues:
- CVE-2022-4515: Fixed a command injection issue via a tag file with a crafted filename (bsc#1206543).
Package list
SUSE Linux Enterprise Server 12 SP2-BCL
ctags-5.8-8.3.1
SUSE Linux Enterprise Server 12 SP4-LTSS
ctags-5.8-8.3.1
SUSE Linux Enterprise Server 12 SP5
ctags-5.8-8.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
ctags-5.8-8.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
ctags-5.8-8.3.1
SUSE OpenStack Cloud 9
ctags-5.8-8.3.1
SUSE OpenStack Cloud Crowbar 9
ctags-5.8-8.3.1
References
- Link for SUSE-SU-2023:0224-1
- E-Mail link for SUSE-SU-2023:0224-1
- SUSE Security Ratings
- SUSE Bug 1206543
- SUSE CVE CVE-2022-4515 page
Description
A flaw was found in Exuberant Ctags in the way it handles the "-o" option, which specifies the tag filename. A crafted tag filename given on the command line or in the configuration file results in arbitrary command execution, because externalSortTags() in sort.c calls the system(3) function in an unsafe way.
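A shell-free way to run an external sort on a tag file, as an added example that is not the ctags source or the SUSE patch: the filename is passed as a single argv element through fork/execvp instead of being formatted into a system(3) string. The function names, the sort options and the sample filename are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
/* Unsafe shape (illustrative, not the ctags source), shown as a comment only:
 *   snprintf(cmd, sizeof cmd, "sort -u -o %s %s", name, name); system(cmd);
 * system(3) passes cmd to /bin/sh, so the filename is parsed as shell syntax. */

/* Hardened: no shell, the name is a single argv element. Returns sort's exit
 * status, or -1 if sort could not be run. */
int sort_tags_safe(const char *tag_file)
{
    int status;
    pid_t pid;
    if (tag_file == NULL || tag_file[0] == '\0')
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        /* "--" ends option parsing, so a leading '-' cannot become a flag. */
        char *const argv[] = { "sort", "-u", "-o", (char *)tag_file,
                               "--", (char *)tag_file, NULL };
        setenv("LC_ALL", "C", 1);  /* byte-order collation */
        execvp("sort", argv);
        _exit(127);                /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed demo: write unsorted lines to `name`, sort it, return 0 when
 * the file still exists under that literal name with "alpha" first. */
int demo_roundtrip(const char *name)
{
    char line[64] = "";
    FILE *f = fopen(name, "w");
    if (f == NULL) return -1;
    fputs("zeta\nalpha\n", f);
    fclose(f);
    if (sort_tags_safe(name) != 0) return -2;
    if ((f = fopen(name, "r")) == NULL) return -3;
    if (fgets(line, sizeof line, f) == NULL) line[0] = '\0';
    fclose(f);
    remove(name);
    return strcmp(line, "alpha\n") == 0 ? 0 : -4;
}
int main(void) { return demo_roundtrip("demo tags;'$x.txt") == 0 ? 0 : 1; }
```

The demo filename contains a space, a quote, a semicolon and a dollar sign; with the argv form the sorted output lands in a file of exactly that name.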
Affected products
SUSE Linux Enterprise Server 12 SP2-BCL:ctags-5.8-8.3.1
SUSE Linux Enterprise Server 12 SP4-LTSS:ctags-5.8-8.3.1
SUSE Linux Enterprise Server 12 SP5:ctags-5.8-8.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4:ctags-5.8-8.3.1
References
- CVE-2022-4515
- SUSE Bug 1206543
- SUSE Bug 1208350
- SUSE Bug 1208435
- SUSE Bug 1209665