Описание
Security update for less
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
Список пакетов
Container bci/golang:1.20-openssl
less-590-150400.3.9.1
Container bci/golang:1.21
less-590-150400.3.9.1
Container bci/golang:latest
less-590-150400.3.9.1
Container bci/node:18
less-590-150400.3.9.1
Container bci/nodejs:latest
less-590-150400.3.9.1
Container bci/openjdk:11
less-590-150400.3.9.1
Container bci/openjdk:17
less-590-150400.3.9.1
Container bci/python:3
less-590-150400.3.9.1
Container bci/python:latest
less-590-150400.3.9.1
Container bci/ruby:latest
less-590-150400.3.9.1
Container suse/git:latest
less-590-150400.3.9.1
Container suse/sle-micro-rancher/5.3:latest
less-590-150400.3.9.1
Container suse/sle-micro-rancher/5.4:latest
less-590-150400.3.9.1
Container suse/sle-micro/5.3/toolbox:latest
less-590-150400.3.9.1
Container suse/sle-micro/5.4/toolbox:latest
less-590-150400.3.9.1
Container suse/sle-micro/5.5/toolbox:latest
less-590-150400.3.9.1
Container suse/sle-micro/5.5:latest
less-590-150400.3.9.1
Image SLES15-SP4-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP4-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP4-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP4-CHOST-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-CHOST-BYOS-Aliyun
less-590-150400.3.9.1
Image SLES15-SP4-CHOST-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP4-CHOST-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP4-CHOST-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
less-590-150400.3.9.1
Image SLES15-SP4-HPC-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-HPC-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP4-HPC-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP4-HPC-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP4-HPC-EC2
less-590-150400.3.9.1
Image SLES15-SP4-HPC-GCE
less-590-150400.3.9.1
Image SLES15-SP4-Hardened-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-Hardened-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP4-Hardened-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP4-Hardened-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
less-590-150400.3.9.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-3
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-3-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-3-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-3-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-3-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-3-EC2
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-4
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-4-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-4-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-4-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-4-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-4-EC2
less-590-150400.3.9.1
Image SLES15-SP4-Micro-5-4-GCE
less-590-150400.3.9.1
Image SLES15-SP4-SAP
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Azure
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
less-590-150400.3.9.1
Image SLES15-SP4-SAP-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-SAP-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP4-SAP-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP4-SAP-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP4-SAP-EC2
less-590-150400.3.9.1
Image SLES15-SP4-SAP-GCE
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Hardened
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Hardened-Azure
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP4-SAP-Hardened-GCE
less-590-150400.3.9.1
Image SLES15-SP4-SAPCAL
less-590-150400.3.9.1
Image SLES15-SP4-SAPCAL-Azure
less-590-150400.3.9.1
Image SLES15-SP4-SAPCAL-EC2
less-590-150400.3.9.1
Image SLES15-SP4-SAPCAL-GCE
less-590-150400.3.9.1
Image SLES15-SP5-Azure-3P
less-590-150400.3.9.1
Image SLES15-SP5-Azure-Basic
less-590-150400.3.9.1
Image SLES15-SP5-Azure-Standard
less-590-150400.3.9.1
Image SLES15-SP5-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP5-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP5-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP5-CHOST-BYOS-Aliyun
less-590-150400.3.9.1
Image SLES15-SP5-CHOST-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP5-CHOST-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP5-CHOST-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP5-CHOST-BYOS-GDC
less-590-150400.3.9.1
Image SLES15-SP5-CHOST-BYOS-SAP-CCloud
less-590-150400.3.9.1
Image SLES15-SP5-EC2
less-590-150400.3.9.1
Image SLES15-SP5-GCE
less-590-150400.3.9.1
Image SLES15-SP5-HPC-Azure
less-590-150400.3.9.1
Image SLES15-SP5-HPC-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP5-HPC-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP5-HPC-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP5-Hardened-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP5-Hardened-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP5-Hardened-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Server-5-0
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Server-5-0-Azure-llc
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Server-5-0-Azure-ltd
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Server-5-0-BYOS
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Server-5-0-EC2-llc
less-590-150400.3.9.1
Image SLES15-SP5-Manager-Server-5-0-EC2-ltd
less-590-150400.3.9.1
Image SLES15-SP5-Micro-5-5
less-590-150400.3.9.1
Image SLES15-SP5-Micro-5-5-Azure
less-590-150400.3.9.1
Image SLES15-SP5-Micro-5-5-BYOS
less-590-150400.3.9.1
Image SLES15-SP5-Micro-5-5-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP5-Micro-5-5-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP5-Micro-5-5-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP5-Micro-5-5-EC2
less-590-150400.3.9.1
Image SLES15-SP5-Micro-5-5-GCE
less-590-150400.3.9.1
Image SLES15-SP5-SAP-Azure-3P
less-590-150400.3.9.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
less-590-150400.3.9.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
less-590-150400.3.9.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
less-590-150400.3.9.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
less-590-150400.3.9.1
Image SLES15-SP5-SAP-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP5-SAP-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP5-SAP-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP5-SAP-Hardened-Azure
less-590-150400.3.9.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
less-590-150400.3.9.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
less-590-150400.3.9.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
less-590-150400.3.9.1
Image SLES15-SP5-SAP-Hardened-GCE
less-590-150400.3.9.1
Image SLES15-SP5-SAPCAL-Azure
less-590-150400.3.9.1
Image SLES15-SP5-SAPCAL-EC2
less-590-150400.3.9.1
Image SLES15-SP5-SAPCAL-GCE
less-590-150400.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
less-590-150400.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
less-590-150400.3.9.1
SUSE Linux Enterprise Micro 5.3
less-590-150400.3.9.1
SUSE Linux Enterprise Micro 5.4
less-590-150400.3.9.1
SUSE Linux Enterprise Micro 5.5
less-590-150400.3.9.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
less-590-150400.3.9.1
SUSE Linux Enterprise Server 15 SP4-LTSS
less-590-150400.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
less-590-150400.3.9.1
SUSE Manager Proxy 4.3
less-590-150400.3.9.1
SUSE Manager Server 4.3
less-590-150400.3.9.1
openSUSE Leap 15.5
less-590-150400.3.9.1
openSUSE Leap Micro 5.3
less-590-150400.3.9.1
openSUSE Leap Micro 5.4
less-590-150400.3.9.1
Ссылки
- Link for SUSE-SU-2024:1598-1
- E-Mail link for SUSE-SU-2024:1598-1
- SUSE Security Ratings
- SUSE Bug 1222849
- SUSE CVE CVE-2024-32487 page
Описание
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Затронутые продукты
Container bci/golang:1.20-openssl:less-590-150400.3.9.1
Container bci/golang:1.21:less-590-150400.3.9.1
Container bci/golang:latest:less-590-150400.3.9.1
Container bci/node:18:less-590-150400.3.9.1
Ссылки
- CVE-2024-32487
- SUSE Bug 1222849