[arch-security] [Arch Linux Security Advisory ASA-201410-11] ctags: Denial of service
Arch Linux Security Advisory ASA-201410-11
==========================================

Severity: Medium
Date    : 2014-10-24
CVE-ID  : CVE-2014-7204
Package : ctags
Type    : Denial of service
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE-2014

Summary
=======

The package ctags before version 5.8-5 is vulnerable to denial of service.

Resolution
==========

Upgrade to 5.8-5.

# pacman -Syu "ctags>=5.8-5"

The problem has been fixed upstream [0] but no release version is available yet.

Workaround
==========

None.

Description
===========

Stefano Zacchiroli discovered a vulnerability in ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.

Impact
======

A local user can run out of disk space resulting in denial of service after running ctags on JavaScript files from an affected or specially prepared public repository.

References
==========

[0] http://sourceforge.net/p/ctags/code/791/
https://access.redhat.com/security/cve/CVE-2014-7204
https://bugs.archlinux.org/task/42246
http://www.openwall.com/lists/oss-security/2014/09/29/40
participants (1)
-
Levente Polyak
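The failure mode described above is a loop that keeps writing until the disk is full, so an indexer run on untrusted checkouts can be contained with a per-file size limit and a wall-clock timeout. The wrapper below is an added example, not part of the advisory or of ctags; it does not fix the parser, and upgrading remains the resolution. The name `run_capped`, the limits and the repository path in the comment are assumptions, and it relies on `timeout` from GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the advisory): contain a runaway indexer.
# run_capped MAX_KIB MAX_SECS CMD [ARGS...]
#   MAX_KIB  - largest file the command may write, in KiB (RLIMIT_FSIZE)
#   MAX_SECS - wall-clock limit enforced by timeout(1)
# Hypothetical use on an untrusted checkout:
#   run_capped 65536 60 ctags -R -f tags ./untrusted-repo
run_capped() {
    max_kib=$1
    max_secs=$2
    shift 2
    (
        # ulimit -f counts 512-byte blocks in POSIX sh and in bash's posix
        # mode, but 1024-byte blocks in regular bash.
        unit=512
        if [ -n "${BASH_VERSION:-}" ]; then
            case ":${SHELLOPTS:-}:" in
                *:posix:*) ;;
                *) unit=1024 ;;
            esac
        fi
        # The limit is set in a subshell so the caller's shell is unaffected.
        ulimit -f "$(( max_kib * 1024 / unit ))" || exit 125
        # A write past the limit raises SIGXFSZ in the writer; timeout
        # returns 124 if the time limit is reached first.
        exec timeout "$max_secs" "$@"
    )
}
```

A non-zero status from `run_capped` means the command hit a limit or failed on its own, so a partially written tags file should be discarded.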