ALAS-2025-1958


Amazon Linux 1 Security Advisory: ALAS-2025-1958
Advisory Release Date: 2025-01-30 04:16 Pacific
Advisory Updated Date: 2025-02-05 10:41 Pacific
Severity: Important

Issue Overview:

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. (CVE-2024-32487)


Affected Packages:

less


Issue Correction:
Run yum update less to update your system.

New Packages:
i686:
    less-436-13.14.amzn1.i686
    less-debuginfo-436-13.14.amzn1.i686

src:
    less-436-13.14.amzn1.src

x86_64:
    less-debuginfo-436-13.14.amzn1.x86_64
    less-436-13.14.amzn1.x86_64