ctags-5.8-12.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12624 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z ctags-5.8-12.1 on GA media These are all security issues fixed in the ctags-5.8-12.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12624 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12624 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-4515/ SUSE CVE CVE-2022-4515 page openSUSE Tumbleweed ctags-5.8-12.1 ctags-5.8-12.1 as a component of openSUSE Tumbleweed A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. CVE-2022-4515 openSUSE Tumbleweed:ctags-5.8-12.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4515.html CVE-2022-4515 https://bugzilla.suse.com/1206543 SUSE Bug 1206543 https://bugzilla.suse.com/1208350 SUSE Bug 1208350 https://bugzilla.suse.com/1208435 SUSE Bug 1208435 https://bugzilla.suse.com/1209665 SUSE Bug 1209665