less-530-3.el8_10
エラータID: AXSA:2024-8510:05
The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
* less: OS command injection (CVE-2024-32487)
* less: missing quoting of shell metacharacters in LESSCLOSE handling (CVE-2022-48624)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-48624
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
CVE-2024-32487
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Update packages.
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
N/A
SRPMS
- less-530-3.el8_10.src.rpm
MD5: f1b144debfd3b797142aca6f92493994
SHA-256: 024e62889d290fb9e903102debc0a512296f4cbdcb96358a635b1c600385ef3f
Size: 371.51 kB
Asianux Server 8 for x86_64
- less-530-3.el8_10.x86_64.rpm
MD5: 051a94fff83428b53e2579ca4751dcfb
SHA-256: 038ac7fc49a39fdaa5417e4a231c6d2087aa33da02836e0e581d483972c66c82
Size: 163.16 kB
日本語