==========================================================================
Ubuntu Security Notice USN-8079-1
March 05, 2026

less vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

less could be made to crash or run arbitrary commands if it received
crafted input.

Software Description:
- less: pager program similar to more

Details:

It was discovered that less incorrectly handled certain file names. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
  less  458-2ubuntu0.1~esm2
  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8079-1
  CVE-2022-48624

Update your Ubuntu 14.04 LTS to fix less command vulnerability causing potential crashing and arbitrary command execution.

Ubuntu Security Notice, less command vulnerability, Denial of Service Ubuntu.

Severity: Important. LinuxSecurity.com Team

MGAA-2025-0107 - Updated less package fixes bug

Publication date: 29 Dec 2025
URL: https://advisories.mageia.org/MGAA-2025-0107.html
Type: bugfix
Affected Mageia releases: 9

Description:
The current version does not set the environment variable LESSOPEN which means that you can't view gz, bz2, lzma, zip, rpm, html, etc. files. This update fixes the reported issue. After the update you should close the terminal emulator in use for the fix to take effect.

References:
- https://bugs.mageia.org/show_bug.cgi?id=34892

SRPMS:
- 9/core/less-678-1.2.mga9

An update to the less package in Mageia fixes a crucial bug affecting file viewing functionality. Install now!

less package update, Mageia fix, bug resolution, Mageia updates.

Severity: Informational. LinuxSecurity.com Team

# Security update for less

Announcement ID: SUSE-SU-2025:20394-1
Release Date: 2025-06-08T13:39:11Z
Rating: important

References:

* bsc#1047218
* bsc#1222849
* bsc#915387

Cross-References:

* CVE-2024-32487

CVSS scores:

* CVE-2024-32487 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.1

An update that solves one vulnerability and has two fixes can now be installed.

## Description:

This update for less fixes the following issues:

* Updated to version 668
* Fixed crash when using --header on command line
* Fixed possible crash when scrolling left/right or toggling -S
* Fixed bug when using #stop in a lesskey file
* Fixed bug when using --shift or --match-shift on command line with a parameter starting with '.'
* Fixed bug in R command when file size changes
* Fixed bug using --header when file does not fill screen
* Fixed ^X bug when output is not a terminal
* Fixed bug where ^Z is not handled immediately
* Fixed bug where first byte from a LESSOPEN filter is deleted if it is greater than 0x7F
* Fixed uninitialized variable in edit_ifile
* Fixed incorrect handling of UTF-8 chars in prompts
* Change preprocessor dependencies from Requires to Recommends. It's disabled by default and they are not necessary for less.
* Updated to version 661:
* fixed crash - buffer overflow by one in fexpand
* fixed free(): double free detected in tcache 2
* fixed segmentation fault on line-num-width & -N
* Updated to version 656:
* Add ^O^N, ^O^P, ^O^L and ^O^O commands and mouse clicks (with --mouse) to find and open OSC8 hyperlinks (github #251).
* Add --match-shift option.
* Add --lesskey-content option (github #447).
* Add LESSKEY_CONTENT environment variable (github #447).
* Add --no-search-header-lines and --no-search-header-columns options (github #397).
* Add ctrl-L search modifier (github #367).
* A ctrl-P at the start of a shell command suppresses the "done" message (github #462).
* Add attribute characters ('*', '~', '_', '&') to --color parameter (github #471).
* Allow expansion of environment variables in lesskey files.
* Add LESSSECURE_ALLOW environment variable (github #449).
* Add LESS_UNSUPPORT environment variable.
* Add line number parameter to --header option (github #436).
* Mouse right-click jumps to position marked by left-click (github #390).
* Ensure that the target line is not obscured by a header line set by --header (github #444).
* Change default character set to "utf-8", except remains "dos" on MS-DOS.
* Add message when search with ^W wraps (github #459).
* UCRT builds on Windows 10 and later now support Unicode file names (github #438).
* Improve behavior of interrupt while reading non-terminated pipe (github #414).
* Improve parsing of -j, -x and -# options (github #393).
* Support files larger than 4GB on Windows (github #417).
* Support entry of Unicode chars larger than U+FFFF on Windows (github #391).
* Improve colors of bold, underline and standout text on Windows.
* Allow --rscroll to accept non-ASCII characters (github #483).
* Allow the parameter to certain options to be terminated with a space (--color, --quotes, --rscroll, --search-options and --intr) (github #495).
* Fix bug where # substitution failed after viewing help (github #420).
* Fix crash if files are deleted while less is viewing them (github #404).
* Workaround unreliable ReadConsoleInputW behavior on Windows with non-ASCII input.
* Fix -J display when searching for non-ASCII characters (github #422).
* Don't filter header lines via the & command (github #423).
* Fix bug when horizontally shifting long lines (github #425).
* Add -x and -D options to lesstest, to make it easier to diagnose a failed lesstest run.
* Fix bug searching long lines with --incsearch and -S (github #428).
* Fix bug that made ESC-} fail if top line onscreen was empty (github #429).
* Fix bug with --mouse on Windows when used with pipes (github #440).
* Fix bug in --+OPTION command line syntax.
* Fix display bug when using -w with an empty line with a CR/LF line ending (github #474).
* When substituting '#' or '%' with a filename, quote the filename if it contains a space (github #480).
* Fix wrong sleep time when system has usleep but not nanosleep (github #489).
* Fix bug when file name contains a newline (CVE-2024-32487, bsc#1222849).
* Fix bug when file name contains nonprintable characters (github #503).
* Fix DJGPP build (github #497).
* Update Unicode tables.
* add zstd support to lessopen
* Updated to 643:
* Fixed problem when a program piping into less reads from the tty, like sudo asking for password (github #368).
* Fixed search modifier ^E after ^W.
* Fixed bug using negated (^N) search (github #374).
* Fixed bug setting colors with -D on Windows build (github #386).
* Fixed reading special chars like PageDown on Windows (github #378).
* Fixed mouse wheel scrolling on Windows (github #379).
* Fixed erroneous EOF when terminal window size changes (github #372).
* Fixed compile error with some definitions of ECHONL (github #395).
* Fixed crash on Windows when writing logfile (github #405).
* Fixed regression in exit code when stdin is /dev/null and output is a file (github #373).
* Add lesstest test suite to production release (github #344).
* Change lesstest output to conform with automake Simple Test Format (github #399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  `zypper in -t patch SUSE-SLE-Micro-6.1-139=1`

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * less-668-slfo.1.1_1.1
  * less-debuginfo-668-slfo.1.1_1.1
  * less-debugsource-668-slfo.1.1_1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-32487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1047218
* https://bugzilla.suse.com/show_bug.cgi?id=1222849
* https://bugzilla.suse.com/show_bug.cgi?id=915387

A crucial patch has been released targeting several stability issues and enhancing performance on SUSE platforms.

SUSE Linux Micro Security Update, CVE-2024-32487, Important Patches.

Severity: Important. LinuxSecurity.com Team

# Security update for less

Announcement ID: SUSE-SU-2025:20007-1
Release Date: 2025-02-03T08:47:39Z
Rating: important

References:

* bsc#1222849

Cross-References:

* CVE-2024-32487

CVSS scores:

* CVE-2024-32487 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability can now be installed.

## Description:

This update for less fixes the following issues:

* CVE-2024-32487: Fix a bug where mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.0
  `zypper in -t patch SUSE-SLE-Micro-6.0-7=1`

## Package List:

* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
  * less-debugsource-633-3.1
  * less-633-3.1
  * less-debuginfo-633-3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-32487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222849

SUSE security patch tackles CVE-2024-32487 by resolving a command injection vulnerability in less. Maintain your security!

SUSE Linux Micro, CVE-2024-32487, OS command execution, security update.

Severity: Important. LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c0e7a4f5ef
2024-08-29 01:34:09.482312
--------------------------------------------------------------------------------

Name        : less
Product     : Fedora 40
Version     : 643
Release     : 6.fc40
URL         : https://www.greenwoodsoftware.com/less/
Summary     : A text file browser similar to more, but better
Description :
The less utility is a text file browser that resembles more, but has
more capabilities. Less allows you to move backwards in the file as
well as forwards. Since less doesn't have to read the entire input file
before it starts, less starts up more quickly than text editors (for
example, vi).

You should install less because it is a basic utility for viewing text
files, and you'll use it frequently.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2024-32487 - less with LESSOPEN mishandles \n in paths
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 21 2024 Michal Hlavinka - 643-6
- fix CVE-2024-32487 - less with LESSOPEN mishandles \n in paths (#2274981)
* Sat Jul 27 2024 Michal Hlavinka - 643-5
- fix incorrect display when filename contains control chars
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2274980 - CVE-2024-32487 less: OS command injection
        https://bugzilla.redhat.com/show_bug.cgi?id=2274980
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c0e7a4f5ef' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

# Security update for less

Announcement ID: SUSE-SU-2024:1598-2
Rating: important

References:

* bsc#1222849

Cross-References:

* CVE-2024-32487

CVSS scores:

* CVE-2024-32487 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

## Description:

This update for less fixes the following issues:

* CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2024-1598=1`

## Package List:

* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-32487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222849

This patch for SUSE addresses a vulnerability in less, given a CVSS score of 8.6, resolving potential command injection threats.

SUSE Linux, less command, security update, CVE-2024-32487.

Severity: Important. LinuxSecurity.com Team

Security vulnerabilities were found in less, a pager program similar to more, which could result in arbitrary command execution when processing files with crafted names.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3823-1

# Security update for less

Announcement ID: SUSE-SU-2024:1598-1
Rating: important

References:

* bsc#1222849

Cross-References:

* CVE-2024-32487

CVSS scores:

* CVE-2024-32487 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3

An update that solves one vulnerability can now be installed.

## Description:

This update for less fixes the following issues:

* CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2024-1598=1`
* openSUSE Leap Micro 5.3
  `zypper in -t patch openSUSE-Leap-Micro-5.3-2024-1598=1`
* openSUSE Leap Micro 5.4
  `zypper in -t patch openSUSE-Leap-Micro-5.4-2024-1598=1`
* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-1598=1`
* SUSE Linux Enterprise Micro for Rancher 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2024-1598=1`
* SUSE Linux Enterprise Micro 5.3
  `zypper in -t patch SUSE-SLE-Micro-5.3-2024-1598=1`
* SUSE Linux Enterprise Micro for Rancher 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2024-1598=1`
* SUSE Linux Enterprise Micro 5.4
  `zypper in -t patch SUSE-SLE-Micro-5.4-2024-1598=1`
* SUSE Linux Enterprise Micro 5.5
  `zypper in -t patch SUSE-SLE-Micro-5.5-2024-1598=1`
* Basesystem Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1598=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1598=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1598=1`
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  `zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1598=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1598=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1598=1`
* SUSE Manager Proxy 4.3
  `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1598=1`
* SUSE Manager Retail Branch Server 4.3
  `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1598=1`
* SUSE Manager Server 4.3
  `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1598=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Manager Proxy 4.3 (x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  * less-debuginfo-590-150400.3.9.1
  * less-590-150400.3.9.1
  * less-debugsource-590-150400.3.9.1

## References:

* https://www.suse.com/security/cve/CVE-2024-32487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222849

Recent findings highlight a critical CVE-2024-32487 vulnerability in SUSE systems allowing OS command execution. Users must apply updates promptly to enhance security.

SUSE Security Advisory, Less Security Update, OS Command Execution, Runtime Commands.

Severity: Important. LinuxSecurity.com Team