less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33 https://www.openwall.com/lists/oss-security/2024/04/12/5 https://www.openwall.com/lists/oss-security/2024/04/13/2
Created less tracking bugs for this issue: Affects: fedora-all [bug 2274981]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:3513 https://access.redhat.com/errata/RHSA-2024:3513
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:3669 https://access.redhat.com/errata/RHSA-2024:3669
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:4256 https://access.redhat.com/errata/RHSA-2024:4256
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2024:4366 https://access.redhat.com/errata/RHSA-2024:4366
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:4369 https://access.redhat.com/errata/RHSA-2024:4369
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:4416 https://access.redhat.com/errata/RHSA-2024:4416
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:4418 https://access.redhat.com/errata/RHSA-2024:4418
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:4528 https://access.redhat.com/errata/RHSA-2024:4528
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4529 https://access.redhat.com/errata/RHSA-2024:4529