Description
Security update for ctags
This update for ctags fixes the following issues:
- CVE-2022-4515: Fixed a command injection issue via a tag file with a crafted filename (bsc#1206543).
Package list
SUSE Enterprise Storage 6
ctags-5.8-150000.3.3.1
SUSE Enterprise Storage 7
ctags-5.8-150000.3.3.1
SUSE Enterprise Storage 7.1
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise Module for Development Tools 15 SP4
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise Real Time 15 SP3
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise Server 15 SP1-LTSS
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise Server 15 SP2-LTSS
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise Server 15 SP3-LTSS
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
ctags-5.8-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
ctags-5.8-150000.3.3.1
openSUSE Leap 15.4
ctags-5.8-150000.3.3.1
References
- Link for SUSE-SU-2023:0225-1
- E-Mail link for SUSE-SU-2023:0225-1
- SUSE Security Ratings
- SUSE Bug 1206543
- SUSE CVE CVE-2022-4515 page
Description
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified on the command line or in the configuration file results in arbitrary command execution because the externalSortTags() function in sort.c calls the system(3) function in an unsafe way.
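The general remedy for this class of flaw, as an added example (not code from ctags or from the SUSE patch): start the sort program directly with an argument vector so that no shell ever parses the tag file name. The function names and the sample file name are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
extern char **environ;

/* Unsafe pattern in general (shape assumed, not quoted from sort.c):
 *     sprintf(cmd, "sort -u -o %s %s", path, path); system(cmd);
 * /bin/sh re-parses cmd, so metacharacters in path become shell syntax. */

/* Hardened form: run sort(1) directly from an argv array, with no shell.
 * Returns sort's exit status, or -1 if it could not be run. */
int sort_tag_file(const char *path)
{
    /* "--" ends option parsing, so an input name starting with '-' stays a file. */
    char *const argv[] = { "sort", "-u", "-o", (char *)path, "--",
                           (char *)path, NULL };
    pid_t pid;
    int status;
    if (posix_spawnp(&pid, "sort", NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed check: a file whose name contains shell metacharacters is
 * sorted in place under exactly that name. Returns 0 on success. */
int demo(void)
{
    const char *name = "/tmp/tags $HOME 'x'.tmp"; /* constructed sample name */
    char line[16] = "";
    FILE *f = fopen(name, "w");
    if (!f) return 1;
    fputs("b\na\n", f);
    fclose(f);
    int rc = sort_tag_file(name);
    f = fopen(name, "r");
    if (!f || !fgets(line, sizeof line, f))
        line[0] = '\0';
    if (f)
        fclose(f);
    unlink(name);
    return (rc == 0 && strcmp(line, "a\n") == 0) ? 0 : 1;
}

int main(void) { return demo(); }
```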
Affected products
SUSE Enterprise Storage 6:ctags-5.8-150000.3.3.1
SUSE Enterprise Storage 7.1:ctags-5.8-150000.3.3.1
SUSE Enterprise Storage 7:ctags-5.8-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:ctags-5.8-150000.3.3.1
References
- CVE-2022-4515
- SUSE Bug 1206543
- SUSE Bug 1208350
- SUSE Bug 1208435
- SUSE Bug 1209665