Security update for ctags

Announcement ID:	SUSE-SU-2016:2097-1
Rating:	low
References:	bsc#899486 bsc#976920
Cross-References:	CVE-2014-7204
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1

An update that solves one vulnerability and has one security fix can now be installed.

Description:

This update for ctags fixes the following issues:

• CVE-2014-7204: Potential denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. (bsc#899486)
• Missing Requires(post) on coreutils as it is using rm(1). (bsc#976920)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1239=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1239=1
• SUSE Linux Enterprise Server 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1239=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  • ctags-5.8-7.1
  • ctags-debugsource-5.8-7.1
  • ctags-debuginfo-5.8-7.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • ctags-5.8-7.1
  • ctags-debugsource-5.8-7.1
  • ctags-debuginfo-5.8-7.1
• SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
  • ctags-5.8-7.1
  • ctags-debugsource-5.8-7.1
  • ctags-debuginfo-5.8-7.1

References:

• https://www.suse.com/security/cve/CVE-2014-7204.html
• https://bugzilla.suse.com/show_bug.cgi?id=899486
• https://bugzilla.suse.com/show_bug.cgi?id=976920