UbuntuUpdates.org

Package "less"

Name: less

Description:

pager program similar to more

Latest version: 590-1ubuntu0.22.04.2
Release: jammy (22.04)
Level: security
Repository: main
Homepage: http://www.greenwoodsoftware.com/less/

Links


Download "less"


Other versions of "less" in Jammy

Repository Area Version
base main 590-1build1
updates main 590-1ubuntu0.22.04.2

Changelog

Version: 590-1ubuntu0.22.04.2 2024-02-27 19:06:53 UTC

  less (590-1ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Unsafe call and Possibly arbitrary code execution
    - debian/patches/CVE-2022-48624.patch: add shell-quote
      the filename when invoking LESSCLOSE in filename.c.
    - CVE-2022-48624

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 20 Feb 2024 10:07:43 -0300

Source diff to previous version
CVE-2022-48624 close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

Version: 590-1ubuntu0.22.04.1 2023-02-09 08:06:55 UTC

  less (590-1ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: fix OSC8 hyperlinks with invalid escape sequence
    - debian/patches/CVE-2022-46663: End OSC8 hyperlinks on invalid embedded
      escape sequence
    - CVE-2022-46663

 -- David Lane <email address hidden> Tue, 07 Feb 2023 16:39:19 +1100

CVE-2022-46663 In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.



About   -   Send Feedback to @ubuntu_updates