UbuntuUpdates.org

Package "less"

Name: less

Description: pager program similar to more

Latest version: 590-2ubuntu0.23.10.2
Release: mantic (23.10)
Level: updates
Repository: main
Homepage: http://www.greenwoodsoftware.com/less/

Other versions of "less" in Mantic

Repository  Area  Version
base        main  590-2
security    main  590-2ubuntu0.23.10.2

Changelog

Version: 590-2ubuntu0.23.10.2 2024-04-29 13:07:03 UTC

  less (590-2ubuntu0.23.10.2) mantic-security; urgency=medium

  * SECURITY UPDATE: Arbitrary command execution
    - debian/patches/CVE-2024-32487.patch: Fix bug when viewing a file
      whose name contains a newline.
    - CVE-2024-32487

 -- Fabian Toepfer <email address hidden> Sat, 27 Apr 2024 22:24:28 +0200

CVE-2024-32487 less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation

Version: 590-2ubuntu0.23.10.1 2024-02-27 20:06:59 UTC

  less (590-2ubuntu0.23.10.1) mantic-security; urgency=medium

  * SECURITY UPDATE: Unsafe call and Possibly arbitrary code execution
    - debian/patches/CVE-2022-48624.patch: add shell-quote
      the filename when invoking LESSCLOSE in filename.c.
    - CVE-2022-48624

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 20 Feb 2024 10:42:01 -0300

CVE-2022-48624 close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
