Описание
Security update for less
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
Список пакетов
Container suse/sle-micro-rancher/5.2:latest
less-530-150000.3.9.1
Container suse/sle-micro/5.1/toolbox:latest
less-530-150000.3.9.1
Container suse/sle-micro/5.2/toolbox:latest
less-530-150000.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
less-530-150000.3.9.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
less-530-150000.3.9.1
Image SLES15-SP3-BYOS-Azure
less-530-150000.3.9.1
Image SLES15-SP3-BYOS-EC2-HVM
less-530-150000.3.9.1
Image SLES15-SP3-BYOS-GCE
less-530-150000.3.9.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
less-530-150000.3.9.1
Image SLES15-SP3-CHOST-BYOS-Azure
less-530-150000.3.9.1
Image SLES15-SP3-CHOST-BYOS-EC2
less-530-150000.3.9.1
Image SLES15-SP3-CHOST-BYOS-GCE
less-530-150000.3.9.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
less-530-150000.3.9.1
Image SLES15-SP3-HPC-BYOS-Azure
less-530-150000.3.9.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
less-530-150000.3.9.1
Image SLES15-SP3-HPC-BYOS-GCE
less-530-150000.3.9.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
less-530-150000.3.9.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
less-530-150000.3.9.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
less-530-150000.3.9.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
less-530-150000.3.9.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
less-530-150000.3.9.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
less-530-150000.3.9.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
less-530-150000.3.9.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
less-530-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-Azure
less-530-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
less-530-150000.3.9.1
Image SLES15-SP3-SAP-BYOS-GCE
less-530-150000.3.9.1
Image SLES15-SP3-SAPCAL-Azure
less-530-150000.3.9.1
Image SLES15-SP3-SAPCAL-EC2-HVM
less-530-150000.3.9.1
Image SLES15-SP3-SAPCAL-GCE
less-530-150000.3.9.1
SUSE Enterprise Storage 7.1
less-530-150000.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
less-530-150000.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
less-530-150000.3.9.1
SUSE Linux Enterprise Micro 5.1
less-530-150000.3.9.1
SUSE Linux Enterprise Micro 5.2
less-530-150000.3.9.1
SUSE Linux Enterprise Server 15 SP2-LTSS
less-530-150000.3.9.1
SUSE Linux Enterprise Server 15 SP3-LTSS
less-530-150000.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
less-530-150000.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
less-530-150000.3.9.1
Ссылки
- Link for SUSE-SU-2024:1534-1
- E-Mail link for SUSE-SU-2024:1534-1
- SUSE Security Ratings
- SUSE Bug 1222849
- SUSE CVE CVE-2024-32487 page
Описание
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:less-530-150000.3.9.1
Container suse/sle-micro/5.1/toolbox:latest:less-530-150000.3.9.1
Container suse/sle-micro/5.2/toolbox:latest:less-530-150000.3.9.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:less-530-150000.3.9.1
Ссылки
- CVE-2024-32487
- SUSE Bug 1222849