SUSE alert SUSE-SU-2025:20394-1 (less)
| From: | SLE-SECURITY-UPDATES <null@suse.de> | |
| To: | sle-security-updates@lists.suse.com | |
| Subject: | SUSE-SU-2025:20394-1: important: Security update for less | |
| Date: | Fri, 13 Jun 2025 20:30:59 -0000 | |
| Message-ID: | <174984665971.16661.4148428520485635181@smelt2.prg2.suse.org> |
# Security update for less Announcement ID: SUSE-SU-2025:20394-1 Release Date: 2025-06-08T13:39:11Z Rating: important References: * bsc#1047218 * bsc#1222849 * bsc#915387 Cross-References: * CVE-2024-32487 CVSS scores: * CVE-2024-32487 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for less fixes the following issues: * Updated to version 668 * Fixed crash when using --header on command line * Fixed possible crash when scrolling left/right or toggling -S * Fixed bug when using #stop in a lesskey file * Fixed bug when using --shift or --match-shift on command line with a parameter starting with '.' * Fixed bug in R command when file size changes * Fixed bug using --header when file does not fill screen * Fixed ^X bug when output is not a terminal * Fixed bug where ^Z is not handled immediately * Fixed bug where first byte from a LESSOPEN filter is deleted if it is greater than 0x7F * Fixed uninitialized variable in edit_ifile * Fixed incorrect handling of UTF-8 chars in prompts * Change preprocessor dependencies from Requires to Recommends. It's disabled by default and they are not necessary for less. * Updated to version 661: * fixed crash - buffer overflow by one in fexpand * fixed free(): double free detected in tcache 2 * fixed segmentation fault on line-num-width & -N * Updated to version 656: * Add ^O^N, ^O^P, ^O^L and ^O^O commands and mouse clicks (with --mouse) to find and open OSC8 hyperlinks (github #251). * Add --match-shift option. * Add --lesskey-content option (github #447). * Add LESSKEY_CONTENT environment variable (github #447). * Add --no-search-header-lines and --no-search-header-columns options (github #397). * Add ctrl-L search modifier (github #367). * A ctrl-P at the start of a shell command suppresses the "done" message (github #462). * Add attribute characters ('*', '~', '_', '&') to --color parameter (github #471). * Allow expansion of environment variables in lesskey files. * Add LESSSECURE_ALLOW environment variable (github #449). * Add LESS_UNSUPPORT environment variable. * Add line number parameter to --header option (github #436). * Mouse right-click jumps to position marked by left-click (github #390). * Ensure that the target line is not obscured by a header line set by --header (github #444). * Change default character set to "utf-8", except remains "dos" on MS-DOS. * Add message when search with ^W wraps (github #459). * UCRT builds on Windows 10 and later now support Unicode file names (github #438). * Improve behavior of interrupt while reading non-terminated pipe (github #414). * Improve parsing of -j, -x and -# options (github #393). * Support files larger than 4GB on Windows (github #417). * Support entry of Unicode chars larger than U+FFFF on Windows (github #391). * Improve colors of bold, underline and standout text on Windows. * Allow --rscroll to accept non-ASCII characters (github #483). * Allow the parameter to certain options to be terminated with a space (--color, --quotes, --rscroll, --search-options and --intr) (github #495). * Fix bug where # substitution failed after viewing help (github #420). * Fix crash if files are deleted while less is viewing them (github #404). * Workaround unreliable ReadConsoleInputW behavior on Windows with non-ASCII input. * Fix -J display when searching for non-ASCII characters (github #422). * Don't filter header lines via the & command (github #423). * Fix bug when horizontally shifting long lines (github #425). * Add -x and -D options to lesstest, to make it easier to diagnose a failed lesstest run. * Fix bug searching long lines with --incsearch and -S (github #428). * Fix bug that made ESC-} fail if top line on screen was empty (github #429). * Fix bug with --mouse on Windows when used with pipes (github #440). * Fix bug in --+OPTION command line syntax. * Fix display bug when using -w with an empty line with a CR/LF line ending (github #474). * When substituting '#' or '%' with a filename, quote the filename if it contains a space (github #480). * Fix wrong sleep time when system has usleep but not nanosleep (github #489). * Fix bug when file name contains a newline (CVE-2024-32487, bsc#1222849). * Fix bug when file name contains nonprintable characters (github #503). * Fix DJGPP build (github #497). * Update Unicode tables. * add zstd support to lessopen * Updated to 643: * Fixed problem when a program piping into less reads from the tty, like sudo asking for password (github #368). * Fixed search modifier ^E after ^W. * Fixed bug using negated (^N) search (github #374). * Fixed bug setting colors with -D on Windows build (github #386). * Fixed reading special chars like PageDown on Windows (github #378). * Fixed mouse wheel scrolling on Windows (github #379). * Fixed erroneous EOF when terminal window size changes (github #372). * Fixed compile error with some definitions of ECHONL (github #395). * Fixed crash on Windows when writing logfile (github #405). * Fixed regression in exit code when stdin is /dev/null and output is a file (github #373). * Add lesstest test suite to production release (github #344). * Change lesstest output to conform with automake Simple Test Format (github #399). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-139=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * less-668-slfo.1.1_1.1 * less-debuginfo-668-slfo.1.1_1.1 * less-debugsource-668-slfo.1.1_1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-32487.html * https://bugzilla.suse.com/show_bug.cgi?id=1047218 * https://bugzilla.suse.com/show_bug.cgi?id=1222849 * https://bugzilla.suse.com/show_bug.cgi?id=915387
Attachment: None (type=text/html)
(HTML attachment elided)