UbuntuUpdates.org

Package "less"

Name: less

Description:

pager program similar to more
Latest version: 590-1ubuntu0.22.04.3
Release: jammy (22.04)
Level: security
Repository: main
Homepage: http://www.greenwoodsoftware.com/less/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "less"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "less" in Jammy

Repository Area Version
base main 590-1build1
updates main 590-1ubuntu0.22.04.3

Changelog

Version: 590-1ubuntu0.22.04.3 2024-04-29 12:07:00 UTC

  less (590-1ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary command execution
    - debian/patches/CVE-2024-32487.patch: Fix bug when viewing a file
      whose name contains a newline.
    - CVE-2024-32487

 -- Fabian Toepfer <email address hidden> Sat, 27 Apr 2024 22:32:45 +0200
Source diff to previous version
CVE-2024-32487 less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation

Version: 590-1ubuntu0.22.04.2 2024-02-27 19:06:53 UTC

  less (590-1ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Unsafe call and Possibly arbitrary code execution
    - debian/patches/CVE-2022-48624.patch: add shell-quote
      the filename when invoking LESSCLOSE in filename.c.
    - CVE-2022-48624

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 20 Feb 2024 10:07:43 -0300
Source diff to previous version
CVE-2022-48624 close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

Version: 590-1ubuntu0.22.04.1 2023-02-09 08:06:55 UTC

  less (590-1ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: fix OSC8 hyperlinks with invalid escape sequence
    - debian/patches/CVE-2022-46663: End OSC8 hyperlinks on invalid embedded
      escape sequence
    - CVE-2022-46663

 -- David Lane <email address hidden> Tue, 07 Feb 2023 16:39:19 +1100
CVE-2022-46663 In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.


About   -   Send Feedback to @ubuntu_updates