less-590-4.el9_4

エラータID: AXSA:2024-8144:04

Release date: 
Thursday, June 13, 2024 - 12:17
Subject: 
less-590-4.el9_4
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.

Security Fix(es):

* less: OS command injection (CVE-2024-32487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-32487
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

Solution: 

Update packages.

CVEs: 
CVE-2024-32487
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Additional Info: 

N/A

Download: 

SRPMS
  1. less-590-4.el9_4.src.rpm
    MD5: b4dfd3a6672463825c997b049125fc17
    SHA-256: 7dad88abd0a609091d3a2eacec729f9005795f2d8c46bed03d96cdb832def973
    Size: 374.48 kB

Asianux Server 9 for x86_64
  1. less-590-4.el9_4.x86_64.rpm
    MD5: 28afc8befd39f214d3cbd7eb4d612e31
    SHA-256: 8202d27c157b5bde085e0a687f832f1b7d1b1ad8b3a1a64f73f6a90a74e7b8ba
    Size: 164.64 kB