Fedora has issued an advisory on October 1: https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140349.html Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated ctags package fixes security vulnerability: A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop (CVE-2014-7204). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7204 https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140349.html ======================== Updated packages in core/updates_testing: ======================== ctags-5.8-6.1.mga3 ctags-5.8-7.1.mga4 from SRPMS: ctags-5.8-6.1.mga3.src.rpm ctags-5.8-7.1.mga4.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Testing on mga4 x86_64 ctags-5.8-7.1.mga4 from Core Updates Testing. Not familiar with this package but managed to create a TAGS index file in my ruby directory by running "ctags -eR *" and then searched the file from within emacs. exuberant-ctags is an application designed to compile an index of various program constructs found in a specified set of files. There is support for a variety of languages including C, C++, Python and Ruby and programming tools such as emacs understand the format. It proves its worth in large software projects with a complex file hierarchy. Marking this as OK.
CC: (none) => tarazed25
Whiteboard: MGA3TOO => MGA3TOO MGA4-64-OK
My test procedure: create c code file hello_world.c: #include <stdio.h> main() { printf("Hello World\n"); return 0; } In terminal run: [wilcal@localhost ctags]$ ctags -R hello_world.c Generates file "tags" which contains: !_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/ !_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/ !_TAG_PROGRAM_AUTHOR Darren Hiebert /dhiebert@users.sourceforge.net/ !_TAG_PROGRAM_NAME Exuberant Ctags // !_TAG_PROGRAM_URL http://ctags.sourceforge.net /official site/ !_TAG_PROGRAM_VERSION 5.8 // main hello_world.c /^main()$/;" f
CC: (none) => wilcal.int
In VirtualBox, M4, KDE, 32-bit Package(s) under test: ctags default install of ctags [root@localhost wilcal]# urpmi ctags Package ctags-5.8-7.mga4.i586 is already installed Test procedure works erase file "tags" install ctags from updates_testing [root@localhost wilcal]# urpmi ctags Package ctags-5.8-7.1.mga4.i586 is already installed Test procedure works Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: MGA3TOO MGA4-64-OK => MGA3TOO MGA4-32-OK MGA4-64-OK
In VirtualBox, M3, KDE, 32-bit Package(s) under test: ctags default install of ctags [root@localhost wilcal]# urpmi ctags Package ctags-5.8-6.mga3.i586 is already installed Test procedure works erase file "tags" install ctags from updates_testing [root@localhost wilcal]# urpmi ctags Package ctags-5.8-6.1.mga3.i586 is already installed Test procedure works Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK => MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK
In VirtualBox, M3, KDE, 64-bit Package(s) under test: ctags default install of ctags [root@localhost ctags]# urpmi ctags Package ctags-5.8-6.mga3.x86_64 is already installed Test procedure works erase file "tags" install ctags from updates_testing [root@localhost wilcal]# urpmi ctags Package ctags-5.8-6.1.mga3.x86_64 is already installed Test procedure works Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK => MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK
For us this update works fine. Testing complete for mga3 32-bit & 64-bit Testing complete for mga4 32-bit & 64-bit So without further ado I'm validating the update. Thank you Len. Could someone from the sysadmin team push this to updates. Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK => MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0415.html
Status: NEW => RESOLVEDResolution: (none) => FIXED