Package : less
CVE ID : CVE-2022-48624 CVE-2024-32487
Debian Bug : 1064293 1068938 1069681
Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed.
For the oldstable distribution (bullseye), these problems have been fixed in version 551-2+deb11u2.
For the stable distribution (bookworm), these problems have been fixed in version 590-2.1~deb12u2.
We recommend that you upgrade your less packages.
For the detailed security status of less please refer to its security tracker page at:
Information on source package less
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/