------------------------------------------------------------------------- Debian LTS Advisory DLA-3823-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin May 27, 2024 https://wiki.debian.org/LTS -------------------------------------------------------------------------
Package : less
Version : 487-0.1+deb10u1
CVE ID : CVE-2022-48624 CVE-2024-32487
Debian Bug : 1064293 1068938
Security vulnerabilities were found in less, a pager program similar to
more, which could result in arbitrary command execution when processing
files with crafted names.
CVE-2022-48624
It was discovered that LESSCLOSE handling in less did not quote
shell metacharacters.
CVE-2024-32487
It was discovered that filenames containing a newline character
could result in arbitrary command execution during input
preprocessor invocation.
For Debian 10 buster, these problems have been fixed in version
487-0.1+deb10u1.
We recommend that you upgrade your less packages.
For the detailed security status of less please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/less
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
signature.asc
Description: PGP signature
