Description
Security update for less
This update for less fixes the following issues:
- CVE-2024-32487: Fixed OS command injection via a newline character in the file name. (bsc#1222849)
Package list
Container bci/bci-sle15-kernel-module-devel:15.7
less-643-150600.3.3.1
Container bci/bci-sle15-kernel-module-devel:latest
less-643-150600.3.3.1
Container bci/gcc:latest
less-643-150600.3.3.1
Container bci/golang:1.22-openssl
less-643-150600.3.3.1
Container bci/golang:1.23
less-643-150600.3.3.1
Container bci/golang:latest
less-643-150600.3.3.1
Container bci/kiwi:latest
less-643-150600.3.3.1
Container bci/node:22
less-643-150600.3.3.1
Container bci/nodejs:latest
less-643-150600.3.3.1
Container bci/openjdk:17
less-643-150600.3.3.1
Container bci/openjdk:latest
less-643-150600.3.3.1
Container bci/python:3
less-643-150600.3.3.1
Container bci/python:3.13
less-643-150600.3.3.1
Container bci/python:latest
less-643-150600.3.3.1
Container bci/ruby:3
less-643-150600.3.3.1
Container bci/ruby:latest
less-643-150600.3.3.1
Container bci/spack:0.23
less-643-150600.3.3.1
Container bci/spack:latest
less-643-150600.3.3.1
Container containers/python:3.11
less-643-150600.3.3.1
Container containers/python:3.9
less-643-150600.3.3.1
Container containers/pytorch:2-nvidia
less-643-150600.3.3.1
Container containers/pytorch:2.5.0
less-643-150600.3.3.1
Container suse/git:latest
less-643-150600.3.3.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
less-643-150600.3.3.1
Container suse/manager/5.0/x86_64/server:latest
less-643-150600.3.3.1
Image SLES15-SP6
less-643-150600.3.3.1
Image SLES15-SP6-Azure-Basic
less-643-150600.3.3.1
Image SLES15-SP6-Azure-Standard
less-643-150600.3.3.1
Image SLES15-SP6-BYOS
less-643-150600.3.3.1
Image SLES15-SP6-BYOS-Azure
less-643-150600.3.3.1
Image SLES15-SP6-BYOS-EC2
less-643-150600.3.3.1
Image SLES15-SP6-BYOS-GCE
less-643-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS
less-643-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-Aliyun
less-643-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-Azure
less-643-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-EC2
less-643-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-GCE
less-643-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-GDC
less-643-150600.3.3.1
Image SLES15-SP6-CHOST-BYOS-SAP-CCloud
less-643-150600.3.3.1
Image SLES15-SP6-EC2
less-643-150600.3.3.1
Image SLES15-SP6-GCE
less-643-150600.3.3.1
Image SLES15-SP6-HPC
less-643-150600.3.3.1
Image SLES15-SP6-HPC-Azure
less-643-150600.3.3.1
Image SLES15-SP6-HPC-BYOS
less-643-150600.3.3.1
Image SLES15-SP6-HPC-BYOS-Azure
less-643-150600.3.3.1
Image SLES15-SP6-HPC-BYOS-EC2
less-643-150600.3.3.1
Image SLES15-SP6-HPC-BYOS-GCE
less-643-150600.3.3.1
Image SLES15-SP6-HPC-EC2
less-643-150600.3.3.1
Image SLES15-SP6-HPC-GCE
less-643-150600.3.3.1
Image SLES15-SP6-Hardened-BYOS
less-643-150600.3.3.1
Image SLES15-SP6-Hardened-BYOS-Azure
less-643-150600.3.3.1
Image SLES15-SP6-Hardened-BYOS-EC2
less-643-150600.3.3.1
Image SLES15-SP6-Hardened-BYOS-GCE
less-643-150600.3.3.1
Image SLES15-SP6-SAP
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Azure
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
less-643-150600.3.3.1
Image SLES15-SP6-SAP-BYOS
less-643-150600.3.3.1
Image SLES15-SP6-SAP-BYOS-Azure
less-643-150600.3.3.1
Image SLES15-SP6-SAP-BYOS-EC2
less-643-150600.3.3.1
Image SLES15-SP6-SAP-BYOS-GCE
less-643-150600.3.3.1
Image SLES15-SP6-SAP-EC2
less-643-150600.3.3.1
Image SLES15-SP6-SAP-GCE
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Hardened
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-Azure
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-BYOS
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-EC2
less-643-150600.3.3.1
Image SLES15-SP6-SAP-Hardened-GCE
less-643-150600.3.3.1
Image SLES15-SP6-SAPCAL
less-643-150600.3.3.1
Image SLES15-SP6-SAPCAL-Azure
less-643-150600.3.3.1
Image SLES15-SP6-SAPCAL-EC2
less-643-150600.3.3.1
Image SLES15-SP6-SAPCAL-GCE
less-643-150600.3.3.1
Image ai_15_6
less-643-150600.3.3.1
Image python_15_6
less-643-150600.3.3.1
Image server-image
less-643-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
less-643-150600.3.3.1
openSUSE Leap 15.6
less-643-150600.3.3.1
References
- Link for SUSE-SU-2024:2060-1
- E-Mail link for SUSE-SU-2024:2060-1
- SUSE Security Ratings
- SUSE Bug 1222849
- SUSE CVE CVE-2024-32487 page
Description
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Affected products
Container bci/bci-sle15-kernel-module-devel:15.7:less-643-150600.3.3.1
Container bci/bci-sle15-kernel-module-devel:latest:less-643-150600.3.3.1
Container bci/gcc:latest:less-643-150600.3.3.1
Container bci/golang:1.22-openssl:less-643-150600.3.3.1
References
- CVE-2024-32487
- SUSE Bug 1222849