less could be made run programs as your login if it opened a specially
crafted file.
Software Description:
- less: pager program similar to more
Details:
It was discovered that less mishandled newline characters in file names. If
a user or automated system were tricked into opening specially crafted
files, an attacker could possibly use this issue to execute arbitrary
commands on the host.
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS less 590-2ubuntu2.1 Ubuntu 23.10 less 590-2ubuntu0.23.10.2 Ubuntu 22.04 LTS less 590-1ubuntu0.22.04.3 Ubuntu 20.04 LTS less 551-1ubuntu0.3 Ubuntu 18.04 LTS less 487-0.1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS less 481-2.1ubuntu0.2+esm2 Available with Ubuntu Pro Ubuntu 14.04 LTS less 458-2ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6756-1
CVE-2024-32487
Get the latest Linux and open source security news straight to your inbox.