========================================================================== Ubuntu Security Notice USN-6756-1 April 29, 2024
less vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: less could be made run programs as your login if it opened a specially crafted file. Software Description: - less: pager program similar to more Details: It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS less 590-2ubuntu2.1 Ubuntu 23.10 less 590-2ubuntu0.23.10.2 Ubuntu 22.04 LTS less 590-1ubuntu0.22.04.3 Ubuntu 20.04 LTS less 551-1ubuntu0.3 Ubuntu 18.04 LTS less 487-0.1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS less 481-2.1ubuntu0.2+esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS less 458-2ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6756-1 CVE-2024-32487 Package Information: https://launchpad.net/ubuntu/+source/less/590-2ubuntu2.1 https://launchpad.net/ubuntu/+source/less/590-2ubuntu0.23.10.2 https://launchpad.net/ubuntu/+source/less/590-1ubuntu0.22.04.3 https://launchpad.net/ubuntu/+source/less/551-1ubuntu0.3
OpenPGP_signature.asc
Description: OpenPGP digital signature
