UbuntuUpdates.org

Package "less"

Name: less

Description:

pager program similar to more

Latest version: 590-2ubuntu2.1
Release: noble (24.04)
Level: security
Repository: main
Homepage: http://www.greenwoodsoftware.com/less/

Links


Download "less"


Other versions of "less" in Noble

Repository Area Version
base main 590-2ubuntu2
updates main 590-2ubuntu2.1

Changelog

Version: 590-2ubuntu2.1 2024-04-29 12:07:03 UTC

  less (590-2ubuntu2.1) noble-security; urgency=medium

  * SECURITY UPDATE: Arbitrary command execution
    - debian/patches/CVE-2024-32487.patch: Fix bug when viewing a file
      whose name contains a newline.
    - CVE-2024-32487

 -- Fabian Toepfer <email address hidden> Sun, 28 Apr 2024 13:44:40 +0200

CVE-2024-32487 less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation



About   -   Send Feedback to @ubuntu_updates