Astra Linux - уязвимость в less

Closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...

EulerOS 2.0 SP9 : less (EulerOS-SA-2024-1938)

According to the versions of the less package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE.CVE-2022-48624 less through 653 allows OS command execution via a...

less: missing quoting of shell metacharacters in LESSCLOSE handling

A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...

CLSA-2024-1716272273 less: Fix of CVE-2022-48624

CVE-2022-48624: filename.c: shell-quote filenames when invoking LESSCLOSE...

CLSA-2024-1716272169 less: Fix of CVE-2022-48624

CVE-2022-48624: filename.c: shell-quote filenames when invoking LESSCLOSE...

CLSA-2024-1714065925 less: Fix of CVE-2022-48624

Fix CVE-2022-48624: filename.c closealtfile: before 606 omits shellquote calls for LESSCLOSE...

CLSA-2024-1713523598 less: Fix of CVE-2022-48624

CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...

less: Fix of CVE-2022-48624

CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...

SUSE-SU-2024:1189-1 Security update for less

This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters bsc1219901...

less: missing quoting of shell metacharacters in LESSCLOSE handling

A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...

RHEL 9 : less (RHSA-2024:1692)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1692 advisory. The less utility is a text file browser that resembles more, but allows users to move backwards in the file as well as forwards. Since less does not...

RLSA-2024:1610 Moderate: less security update

The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors. Security Fixes: less: missing quoting of shell...

less: missing quoting of shell metacharacters in LESSCLOSE handling

A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...

Important: less

Issue Overview: closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Affected Packages: less Issue Correction: Run yum update less or yum update --advisory ALAS-2024-1924 to update your system. New Packages: i686: less-436-13.13.amzn1.i686 ...

Less Security Breach

Less is a text-finding application open-sourced by gwsw. A security vulnerability exists in versions prior to Less 606, which stems from the fact that closealtfile in filename.c omits the shellquote call to LESSCLOSE...

CVE-2022-48624

closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...

CVE-2022-48624

CVE-2022-48624 affects the less utility (filename.c close_altfile) in versions prior to 606, where shell_quote handling for LESSCLOSE is omitted, enabling potential local command-injection via crafted filenames. Connected sources confirm the issue and show remediation guidance: upgrade to less 60...