Lucene search
AmazonALAS-2024-2547HistoryMay 23, 2024 - 10:04 p.m.
Important: less
2024-05-2322:04:00
alas.aws.amazon.com
3
os command execution
newline character
file handling
untrusted archive
lessopen environment variable
amazon linux 2
yum update
red hat
mitre
unix
Issue Overview:
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. (CVE-2024-32487)
Affected Packages:
less
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update less to update your system.
New Packages:
aarch64:
less-458-9.amzn2.0.4.aarch64
less-debuginfo-458-9.amzn2.0.4.aarch64
i686:
less-458-9.amzn2.0.4.i686
less-debuginfo-458-9.amzn2.0.4.i686
src:
less-458-9.amzn2.0.4.src
x86_64:
less-458-9.amzn2.0.4.x86_64
less-debuginfo-458-9.amzn2.0.4.x86_64
Additional References
Red Hat: CVE-2024-32487
Mitre: CVE-2024-32487
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | less | < 458-9.amzn2.0.4 | less-458-9.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | less-debuginfo | < 458-9.amzn2.0.4 | less-debuginfo-458-9.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | i686 | less | < 458-9.amzn2.0.4 | less-458-9.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | i686 | less-debuginfo | < 458-9.amzn2.0.4 | less-debuginfo-458-9.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | x86_64 | less | < 458-9.amzn2.0.4 | less-458-9.amzn2.0.4.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | less-debuginfo | < 458-9.amzn2.0.4 | less-debuginfo-458-9.amzn2.0.4.x86_64.rpm |
Related
slackware
slackware
[slackware-security] less
2024-04-14 18:39:08
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0139)
2024-04-19 00:00:00
Ubuntu: Security Advisory (USN-6756-1)
2024-04-30 00:00:00
Slackware: Security Advisory (SSA:2024-105-01)
2024-04-15 00:00:00
nessus
nessus
SUSE SLES15 Security Update : less (SUSE-SU-2024:1534-1)
2024-05-07 00:00:00
RHEL 9 : less (RHSA-2024:3513)
2024-05-30 00:00:00
veracode
veracode
OS Command Execution
2024-04-26 04:16:41
cvelist
cvelist
CVE-2024-32487
2024-04-13 00:00:00
cloudfoundry
cloudfoundry
USN-6756-1: less vulnerability | Cloud Foundry
2024-05-23 00:00:00
rocky
rocky
less security update
2024-06-14 14:00:33
cve
cve
CVE-2024-32487
2024-04-13 15:15:52
mageia
mageia
Updated less packages fix security vulnerability
2024-04-19 04:16:42
cbl_mariner
cbl_mariner
CVE-2024-32487 affecting package less for versions less than 590-4
2024-04-30 01:31:53
CVE-2024-32487 affecting package less for versions less than 643-2
2024-05-31 18:55:08
osv
osv
CVE-2024-32487
2024-04-13 15:15:52
less vulnerability
2024-04-29 10:18:57
Important: less security update
2024-05-30 00:00:00
redhat
redhat
(RHSA-2024:3513) Important: less security update
2024-05-30 14:18:56
nvd
nvd
CVE-2024-32487
2024-04-13 15:15:52
debiancve
debiancve
CVE-2024-32487
2024-04-13 15:15:52
ubuntu
ubuntu
less vulnerability
2024-04-29 00:00:00
oraclelinux
oraclelinux
less security update
2024-06-06 00:00:00
less security update
2024-05-30 00:00:00
cloudlinux
cloudlinux
less: Fix of CVE-2024-32487
2024-05-17 11:47:49
almalinux
almalinux
Important: less security update
2024-05-30 00:00:00
ubuntucve
ubuntucve
CVE-2024-32487
2024-04-13 00:00:00
redhatcve
redhatcve
CVE-2024-32487
2024-04-14 14:23:59
redos
redos
ROS-20240516-01
2024-05-16 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0273
2024-05-15 00:00:00
Critical Photon OS Security Update - PHSA-2024-4.0-0612
2024-05-15 00:00:00
Critical Photon OS Security Update - PHSA-2024-3.0-0759
2024-05-15 00:00:00
debian
debian
[SECURITY] [DSA 5679-1] less security update
2024-05-03 21:12:55
[SECURITY] [DLA 3823-1] less security update
2024-05-27 19:50:55