Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The "less" utility is a text file browser that resembles "more", but allows
users to move backwards in the file as well as forwards. Since "less" does
not read the entire input file at startup, it also starts more quickly than
ordinary text editors.
Security Fix(es):
* less: crafted data can result in "less -R" not filtering ANSI escape
sequences sent to the terminal (CVE-2022-46663)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
https://access.redhat.com/security/cve/CVE-2022-46663 https://access.redhat.com/security/updates/classification#moderate
Red Hat Enterprise Linux BaseOS (v. 9):
Source:
less-590-2.el9_2.src.rpm
aarch64:
less-590-2.el9_2.aarch64.rpm
less-debuginfo-590-2.el9_2.aarch64.rpm
less-debugsource-590-2.el9_2.aarch64.rpm
ppc64le:
less-590-2.el9_2.ppc64le.rpm
less-debuginfo-590-2.el9_2.ppc64le.rpm
less-debugsource-590-2.el9_2.ppc64le.rpm
s390x:
less-590-2.el9_2.s390x.rpm
less-debuginfo-590-2.el9_2.s390x.rpm
less-debugsource-590-2.el9_2.s390x.rpm
x86_64:
less-590-2.el9_2.x86_64.rpm
less-debuginfo-590-2.el9_2.x86_64.rpm
less-debugsource-590-2.el9_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key
An update for less is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64
2169621 - CVE-2022-46663 less: crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal
Get the latest Linux and open source security news straight to your inbox.