[USN-6756-1] less vulnerability

Severity High

Affected Packages 7

CVEs 1

less could be made run programs as your login if it opened a specially crafted file.

It was discovered that less mishandled newline characters in file names. If
a user or automated system were tricked into opening specially crafted
files, an attacker could possibly use this issue to execute arbitrary
commands on the host.

Package	Affected Version
pkg:deb/ubuntu/less?distro=xenial	< 481-2.1ubuntu0.2+esm2
pkg:deb/ubuntu/less?distro=trusty	< 458-2ubuntu0.1~esm1
pkg:deb/ubuntu/less?distro=noble	< 590-2ubuntu2.1
pkg:deb/ubuntu/less?distro=mantic	< 590-2ubuntu0.23.10.2
pkg:deb/ubuntu/less?distro=jammy	< 590-1ubuntu0.22.04.3
pkg:deb/ubuntu/less?distro=focal	< 551-1ubuntu0.3
pkg:deb/ubuntu/less?distro=bionic	< 487-0.1ubuntu0.1~esm2

ID

USN-6756-1

Severity

high

Severity from

CVE-2024-32487

URL

https://ubuntu.com/security/notices/USN-6756-1

Published

2024-04-29T10:18:57
(4 months ago)

Modified

2024-04-29T10:18:57
(4 months ago)

Other Advisories

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:deb/ubuntu/less?distro=xenial	ubuntu	less	< 481-2.1ubuntu0.2+esm2	xenial
Affected	pkg:deb/ubuntu/less?distro=trusty	ubuntu	less	< 458-2ubuntu0.1~esm1	trusty
Affected	pkg:deb/ubuntu/less?distro=noble	ubuntu	less	< 590-2ubuntu2.1	noble
Affected	pkg:deb/ubuntu/less?distro=mantic	ubuntu	less	< 590-2ubuntu0.23.10.2	mantic
Affected	pkg:deb/ubuntu/less?distro=jammy	ubuntu	less	< 590-1ubuntu0.22.04.3	jammy
Affected	pkg:deb/ubuntu/less?distro=focal	ubuntu	less	< 551-1ubuntu0.3	focal
Affected	pkg:deb/ubuntu/less?distro=bionic	ubuntu	less	< 487-0.1ubuntu0.1~esm2	bionic

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date