Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 735
Alerts This Week
Warning Icon 1 735

Ubuntu 23.10 USN-6664-1 Moderate: less Arbitrary Command Execution

ubuntu
Calendar Grey February 27, 2024
Dist Ubuntu Esm H88
Ubuntu systems have a severe vulnerability in core utilities that may enable unauthorized access and data breaches by attackers. Immediate user updates are crucial.
less could be made to crash or run arbitrary commands if it receive a crafted input.

Summary

less could be made to crash or run arbitrary commands if it receive

a crafted input.

Software Description:

- less: pager program similar to more

Details:

It was discovered that less incorrectly handled certain file names.

An attacker could possibly use this issue to cause a crash or execute

arbitrary commands.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  less                            590-2ubuntu0.23.10.1

Ubuntu 22.04 LTS:
  less                            590-1ubuntu0.22.04.2

Ubuntu 20.04 LTS:
  less                            551-1ubuntu0.2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  less                            487-0.1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  less                            481-2.1ubuntu0.2+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6664-1

CVE-2022-48624

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6664-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.