Medium
Canonical Ubuntu
It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host. Update Instructions: Run sudo pro fix USN-6756-1
to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: less – 481-2.1ubuntu0.2+esm2 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro
CVEs contained in this USN include: CVE-2024-32487.
Severity is medium unless otherwise noted.
Users of affected products are strongly encouraged to follow the mitigations below.
The Cloud Foundry project recommends upgrading the following releases:
2024-05-23: Initial vulnerability report published.
CPE | Name | Operator | Version |
---|---|---|---|
cflinuxfs4 | lt | 1.96.0 | |
jammy stemcells | lt | 1.439 | |
cf deployment | lt | 30.0.0 |