CLSA-2024-1714066220 Fix CVE(s): CVE-2022-48624

SECURITY UPDATE: shell-quote filenames when invoking LESSCLOSE. - debian/patches/CVE-2022-48624.patch: Fix closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. - CVE-2022-48624...

less: missing quoting of shell metacharacters in LESSCLOSE handling

A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...

SUSE CVE-2022-48624

closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...

AZL-34458 CVE-2022-48624 affecting package less for versions less than 590-3

closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...

PT-2024-4011 · Less +9 · Less +9

Name of the Vulnerable Software and Affected Versions: less versions prior to 606 Description: The issue is related to the close altfile function in filename.c, which omits shell quote calls for LESSCLOSE. This can allow an attacker to execute arbitrary commands. Recommendations: For versions pri...