-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: ctags security update Advisory ID: RHSA-2023:2863-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2863 Issue date: 2023-05-16 CVE Names: CVE-2022-4515 ==================================================================== 1. Summary: An update for ctags is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Ctags is a C programming language indexing and cross-reference tool. Security Fix(es): * ctags: arbitrary command execution via a tag file with a crafted filename (CVE-2022-4515) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2153519 - CVE-2022-4515 ctags: arbitrary command execution via a tag file with a crafted filename 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: ctags-5.8-23.el8.src.rpm aarch64: ctags-5.8-23.el8.aarch64.rpm ctags-debuginfo-5.8-23.el8.aarch64.rpm ctags-debugsource-5.8-23.el8.aarch64.rpm ppc64le: ctags-5.8-23.el8.ppc64le.rpm ctags-debuginfo-5.8-23.el8.ppc64le.rpm ctags-debugsource-5.8-23.el8.ppc64le.rpm s390x: ctags-5.8-23.el8.s390x.rpm ctags-debuginfo-5.8-23.el8.s390x.rpm ctags-debugsource-5.8-23.el8.s390x.rpm x86_64: ctags-5.8-23.el8.x86_64.rpm ctags-debuginfo-5.8-23.el8.x86_64.rpm ctags-debugsource-5.8-23.el8.x86_64.rpm Red Hat Enterprise Linux CRB (v. 8): aarch64: ctags-debuginfo-5.8-23.el8.aarch64.rpm ctags-debugsource-5.8-23.el8.aarch64.rpm ctags-etags-5.8-23.el8.aarch64.rpm ppc64le: ctags-debuginfo-5.8-23.el8.ppc64le.rpm ctags-debugsource-5.8-23.el8.ppc64le.rpm ctags-etags-5.8-23.el8.ppc64le.rpm s390x: ctags-debuginfo-5.8-23.el8.s390x.rpm ctags-debugsource-5.8-23.el8.s390x.rpm ctags-etags-5.8-23.el8.s390x.rpm x86_64: ctags-debuginfo-5.8-23.el8.x86_64.rpm ctags-debugsource-5.8-23.el8.x86_64.rpm ctags-etags-5.8-23.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-4515 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZGNwy9zjgjWX9erEAQghORAAhPcMdjAEpttsds8ljMdilMDa5xJqrylP iHC79nsZSbc3F3OfPmS8gAXVjlhCKReGjPzbvovn6ORaQJvl8I0KQOg26CBctXaC GcTn25EGPTU9pdMzZ6xgJEnSQxOPbSX4yvBaji+lVWTC82OKgPFRHtaz26ETLzZh ADCzVpQN3SpfczLMhT/gEZ4WvWWbKm8MY/luUVIIUNXz2lj1CHQowGQSawgWEf7C pp284YwGjxwjSkEvKZ8zLYnzWgjHz9Ji52sa1onMcpgIG7MM7V6mVhb7g5UL5Mk9 nPIPrh45RqYhVndChF69+F2fSPyB4anWBvcrKxNHGprW5reQSmqXKI/PxV0Dv6lR c5vU/UOwRxcHWxzGOcHOCqPD0R7l/Tt3VvKhkXkB2CAzjoSmfB2ELom8PjSj9riv NCvxXBgMqPXBmvYwVFrFsYvGaAHkWVYB7K6fU9TyPl/USjBHl7aesq54Ao++KpML MObFechEMnP1KEg3WT9oIf7RCpvDZrNzZ4/c2dCfsSLlACxNSVaMskMvOpJN5LCQ Gm+WijvaAvG2fZV9gPr0WY4bAl5TdYfIAB0keSETxZIsCa5uwu+oS7KJw1TaNAmG qy9J/0SpmxiJYtafATiCbzJLHEKCx0TEtvnuhgXP/yqmh3kals4Q341zvMya+FSx shMaekwTT6QŒS/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce